{"id":"openswitch-tacacs-server","name":"tacacs_server","homepage":"https://hub.docker.com/r/openswitch/tacacs_server","repo_url":"https://hub.docker.com/r/openswitch/tacacs_server","category":"security","subcategories":[],"tags":["tacacs+","aaa","network-security","authentication","authorization","accounting","protocol-server","infrastructure"],"what_it_does":"TACACS+ server component for AAA (authentication, authorization, and accounting). Typically provides a network service that accepts TACACS+ requests from network devices and applies configured authentication/authorization/accounting policies.","use_cases":["Centralized AAA for network equipment using the TACACS+ protocol","Automated management of authentication and authorization decisions for users accessing routers/switches/VPNs","Auditable accounting for access/session logging via TACACS+ accounting records"],"not_for":["Replacing RADIUS/other AAA systems when your environment does not use TACACS+","General-purpose application API for business logic (it is a network security service)"],"best_when":"You have network gear configured for TACACS+ and need a self-hosted AAA endpoint with tight control over TACACS+ policies.","avoid_when":"You need a cloud-hosted SaaS API/SDK experience rather than operating a network daemon/service; or you cannot safely expose the service to the required network path.","alternatives":["FreeRADIUS (RADIUS)","Diameter/AAA components (vendor-specific)","Commercial AAA platforms or managed TACACS+/RADIUS services","Identity providers with vendor-integrated AAA (e.g., TACACS+ bridging to AD/LDAP)"],"af_score":24.8,"security_score":45.8,"reliability_score":33.8,"package_type":"mcp_server","discovery_source":["docker_mcp"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T19:34:06.813379+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["TACACS+ server authentication (shared secret between TACACS+ client and server)","User authentication via configured backends (commonly LDAP/AD/RADIUS-like backends, depending on configuration)"],"oauth":false,"scopes":false,"notes":"Auth method is primarily protocol-based (TACACS+ shared secret) plus whatever identity backend the deployment is configured to use. No OAuth/scopes are indicated from the provided package name alone."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Assumed self-hosted software; pricing not determinable from provided data."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":24.8,"security_score":45.8,"reliability_score":33.8,"mcp_server_quality":0.0,"documentation_accuracy":30.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":45.0,"rate_limit_clarity":10.0,"tls_enforcement":30.0,"auth_strength":65.0,"scope_granularity":40.0,"dependency_hygiene":50.0,"secret_handling":40.0,"security_notes":"Security depends heavily on deployment configuration (shared secret strength, network exposure, transport security, and backend auth). TLS/transport encryption for TACACS+ is not guaranteed by the package name alone; scope granularity is typically policy-based rather than OAuth-like scopes. Secret handling and dependency hygiene cannot be verified without code/manifests.","uptime_documented":0.0,"version_stability":50.0,"breaking_changes_history":50.0,"error_recovery":35.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Agents generally cannot “call” a TACACS+ server like an HTTP API; they would need network/protocol-level handling.","Configuration and shared-secret handling are critical; small config mistakes can cause authentication failures.","TACACS+ operations are stateful from a network/session perspective; retries can lead to duplicated accounting records if not handled carefully."]}}