nanog mailing list archives
Re: The state of TACACS+
From: "cb.list6" <cb.list6 () gmail com>
Date: Mon, 30 Dec 2013 06:07:17 -0800
On Dec 30, 2013 9:01 AM, "Saku Ytti" <saku () ytti fi> wrote:
On (2013-12-30 08:49 -0500), Christopher Morrow wrote:Nor accounting...I think this is probably sufficient justification for TACACS+. I'm not
sure if
command authorization is sufficient, as you can deliver group via radius
which
maps to authorized commands. But if you must support accounting, per-command authorization comes as
free
gift more or less.
Yes. Per-command auth and accounting is needed. So what we need is tacacs over TLS (sctp / ipv6) I agree tacacs is long in the tooth and needs to be revisited and invested in. Please take my money (serious) CB
-- ++ytti
Current thread:
- The state of TACACS+ Robert Drake (Dec 30)
- Re: The state of TACACS+ Jonathan Lassoff (Dec 30)
- Re: The state of TACACS+ Saku Ytti (Dec 30)
- Re: The state of TACACS+ Christopher Morrow (Dec 30)
- Re: The state of TACACS+ Christopher Morrow (Dec 30)
- Re: The state of TACACS+ Saku Ytti (Dec 30)
- Re: The state of TACACS+ cb.list6 (Dec 30)
- Re: The state of TACACS+ Christopher Morrow (Dec 30)
- Re: The state of TACACS+ Christian Kratzer (Dec 30)
- Re: The state of TACACS+ Javier Henderson (Dec 30)
- Re: The state of TACACS+ Jimmy Hess (Dec 30)
- Re: The state of TACACS+ Javier Henderson (Dec 30)
- Re: The state of TACACS+ Jimmy Hess (Dec 30)