> On Jan 9, 2017, at 4:16 AM, Balazs Lengyel <[email protected]> > wrote: > > Hello, > > We already have a radius model part in ietf-system; but are there any plans > to develop a TACACS+ model for YANG? > > How widely is TACACS+ used for remote authorization/accounting ? As an > outsider I would guess that remote authorization could really slow down > processing e.g. a big CLI script.
Of the customers that I am interacting with, both use TACACS+ for authorization and accounting. My take is that there would a requirement for NETCONF to be able to interact with the server. One way to deal with authorization is for the server to download the authorization rules and do local authorization instead of sending all the requests to the server, which as you point out would otherwise slow authorization down. A related question is, if NACM is used to setup rules for authorization, and there is a remote AAA server configured, are the rules for the NETCONF server to store and manage or are they for the AAA server? If the latter, what is communication channel between them? Thanks. Mahesh Jethanandani [email protected] _______________________________________________ netmod mailing list [email protected] https://www.ietf.org/mailman/listinfo/netmod
