We have been scanning network devices and aree now tasked with having those scans be authenticated. The client wants to setup TACACS accounts for the scanner to be able ti authenticate to the devices. Is that possible? We have Wiondows and Shell authentication, but not sure if we can use TACACS.
TACACS is just a way for a network device to ask another device to authenticate the user. Somewhat like Kerberos, or other domain logon from Windows. It is just the network device that receives the user credentials and decides to use a remote database instead of a local db.
You just make sure the scanning user has an entry with a static password on the TACACS server, and the device will use TACACS authentication.
I prefer Radius over TACACS these days. TACACS+ is just a way to lock people in to Cisco. Radius is the standard, and even supported by Cisco.