Continuing with Section 8

   ...  Privilege Levels are ordered values from 0 to 15
   with each level representing a privilege level that is a superset of
   the next lower value. 

* nit: perhaps this could be "each level is defined to be a superset of the 
next lower value", instead of "representing".

   If a client uses a different privilege level scheme, then it must map
   the privilege level to scheme above.

* editorial :"... to A scheme..."

* and how is mapping done?  It might be better to just omit that sentence.

   Privilege Levels are applied in two ways in the TACACS+ protocol:

* nit: perhaps "used" instead of "applied"

      - As an argument in authorization EXEC phase (when service=shell
      and cmd=NULL), where it is primarily used to set the initial
      privilege level for the EXEC session.

* how does that work?  And what does it mean to set an initial privilege level?

      - In the packet headers for Authentication, Authorization and
      Accounting.  The privilege level in the header is primarily
      significant in the Authentication phase for enable authentication
      where a different privilege level is required.

* again, how does that work?  Additional text would be useful.  e.g.

In typical use-cases, an administrator can perform a series of commands at a 
low privilege level.  When additional privileges are required, the 
administrator can authenticate at the desired level, perform a series of 
commands, and the drop privilege level to the lower one.  This methodology 
minimizes possible errors by using high privilege levels only when necessary, 
and using low privilege levels for most commands.

* expanding on the use-case and work flow would be of great benefit.

   The use of Privilege levels to determine session-based access to
   commands and resources is not mandatory for clients, but it is in
   common use so SHOULD be supported by servers.

* and clients, presumably?  Perhaps instead, say:

It is RECOMMENDED that clients and servers use Privilege levels to signal
and control session-based access.  It is RECOMMENDED that clients permit
users to change their Privilege levels, so as to ensure that commands are
executed with the minimum Privilege level required.

9.  TACACS+ Security Considerations

* there is a lot which can be said here.  My proposal here is a substantial 
amount of text.  I'll include it in another message
OPSAWG mailing list

Reply via email to