For information, the draft is at:
http://datatracker.ietf.org/doc/draft-dahm-opsawg-tacacs/
Regards, B;
Please note the following concerning the document content:
The majority of the document is a cleaned and tidied refresh of the
original draft.
However, included in the document is a new feature that we propose for
discussion: Support for TLS using a new packet type allows the TACACS
protocol to upgrade itself to a TLS tunnel. Please see section 3.6.2.
This is added in a way that is intended not to interfere with any
current implementations of TACACS+.
Also, a note in relation to TACACS+ and RADIUS. Although the protocols
were probably about equivalent in 1998, the addition of EAP and other
enhancements means that RADIUS is the default protocol for Network
Access. By reviving the TACACS+ draft we have no intention of
influencing this status quo. However, TACACS+ does have a continued
and widely deployed use case for Device Administration. This is due to
its strict separation of authorisation from authentication, which
allows per-command authorisation, and its TCP transport for allowing
effective accounting. It is to support this use case that TACACS+ is
proposed for progress to a standard, and this informed the thoughts for
the potential selection of a workgroup; however, if this selection is
misguided, please let us know.
Many thanks,
Regards,
Doug.
From: Douglas Gash <[email protected]>
Date: Friday, 12 June 2015 08:23
To: "[email protected]" <[email protected]>
Cc: Thorsten Dahm <[email protected]>, Andrej Ota <[email protected]>,
"Michael Keenan (mikeenan)" <[email protected]>, "Satyanarayana Danda
(sdanda)" <[email protected]>, "John Delaney (jodelane)"
<[email protected]>
Subject: TACACS+ RFC
Hi,
TACACS+ is a protocol widely deployed, based upon a draft
specification that Cisco submitted in 1998, but never completed to RFC
status. The original draft has been tidied and lightly enhanced and
resubmitted, with the intent to finally get it published as a standard.
The best fit that we could see was for the opsawg.
Many thanks,
Regards,
Doug.
_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg