On Feb 12, 2016, at 11:34 AM, Warren Kumari <[email protected]> wrote:
> That is working on the assumption that the reason that operators are using
> TACACS+ instead of RADIUS is /only/ because of this feature. In many cases it
> is also because operators already have TACACS servers installed and / or find
> TACACS+ *much* simpler to deploy and manage.

Please suggest which operators use TACACS+ for general user authentication, roaming, etc. I'm unaware of any TACACS+ roaming consortium. I'm aware of multiple RADIUS / Diameter roaming consortia.

Please suggest *why* TACACS+ is simpler to deploy and manage than RADIUS servers. That statement is... surprising, to be polite. Installing and configuring a new networking daemon is a matter of a few minutes on any modern Unix distribution.

> RADIUS is a grand protocol - it has many bells and whistles and extra
> functionality, but e.g: shrubbery's tac_plus is free, comes with many
> distributions, and is dead simple to install and configure.

So? As a biased person, FreeRADIUS is free, comes with *all* distributions, and is dead simple to install and configure. It's packaged with every single Unix distribution on the planet. It's shipped by essentially every network equipment manufacturer other than Cisco, Alcatel-Lucent, and Juniper as their embedded RADIUS solution. It supports all of the relevant RADIUS RFCs. It *alone* has probably 10x the install base of all of the TACACS+ servers, combined, world-wide.

Simple "it's popular" is no argument. I say this as the author of the most popular RADIUS server on the planet. Heck, it supports DHCP, BFD, and we're working on Diameter support. Again.. so?

Alan DeKok.

_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
