Continuing with Section 8
... Privilege Levels are ordered values from 0 to 15
with each level representing a privilege level that is a superset of
the next lower value.
* nit: perhaps this could be "each level is defined to be a superset of the
next lower value", instead of "representing".
If a client uses a different privilege level scheme, then it must map
the privilege level to scheme above.
* editorial: "... to A scheme..."
* and how is mapping done? It might be better to just omit that sentence.
Privilege Levels are applied in two ways in the TACACS+ protocol:
* nit: perhaps "used" instead of "applied"
- As an argument in authorization EXEC phase (when service=shell
and cmd=NULL), where it is primarily used to set the initial
privilege level for the EXEC session.
* how does that work? And what does it mean to set an initial privilege level?
- In the packet headers for Authentication, Authorization and
Accounting. The privilege level in the header is primarily
significant in the Authentication phase for enable authentication
where a different privilege level is required.
* again, how does that work? Additional text would be useful. e.g.
In typical use-cases, an administrator can perform a series of commands at a
low privilege level. When additional privileges are required, the
administrator can authenticate at the desired level, perform a series of
commands, and then drop the privilege level to the lower one. This methodology
minimizes possible errors by using high privilege levels only when necessary,
and using low privilege levels for most commands.
* expanding on the use-case and work flow would be of great benefit.
The use of Privilege levels to determine session-based access to
commands and resources is not mandatory for clients, but it is in
common use so SHOULD be supported by servers.
* and clients, presumably? Perhaps instead, say:
It is RECOMMENDED that clients and servers use Privilege levels to signal
and control session-based access. It is RECOMMENDED that clients permit
users to change their Privilege levels, so as to ensure that commands are
executed with the minimum Privilege level required.
9. TACACS+ Security Considerations
* there is a lot which can be said here. My proposal here is a substantial
amount of text. I'll include it in another message.
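The privilege-level ordering (0 to 15, each level a superset of the next lower one), the EXEC-phase initial level and the enable-then-drop workflow discussed above, as an added Python model that is not part of the draft or of this review. The command table, the handling of the `priv-lvl=` reply argument and the default-to-lowest-level policy are assumptions made for the example.

```python
MIN_LEVEL, MAX_LEVEL = 0, 15  # the ordered range the draft defines

# Constructed command table (hypothetical): minimum level each command needs.
COMMAND_MIN_LEVEL = {"show version": 1, "show running-config": 7,
                     "configure terminal": 15}

def allowed_commands(level):
    """Command set at a level: every command needing that level or lower."""
    return {c for c, need in COMMAND_MIN_LEVEL.items() if need <= level}

def superset_chain_holds():
    """The draft's ordering property: each level's set contains the next lower one's."""
    return all(allowed_commands(n) >= allowed_commands(n - 1)
               for n in range(MIN_LEVEL + 1, MAX_LEVEL + 1))

def initial_level(authz_reply_args):
    """EXEC phase (service=shell, empty cmd): take priv-lvl from the server's
    reply arguments. Assumed policy: fall back to the lowest level if the
    argument is absent, malformed or out of range."""
    for arg in authz_reply_args:
        if arg.startswith("priv-lvl="):
            try:
                lvl = int(arg.split("=", 1)[1])
            except ValueError:
                break
            if MIN_LEVEL <= lvl <= MAX_LEVEL:
                return lvl
            break
    return MIN_LEVEL

class ExecSession:
    def __init__(self, user, level):
        self.user, self.level, self.audit = user, level, []

    def enable(self, target, authenticate):
        """Raise the level only after the server authenticates the user at
        `target` (the privilege level the client sends in the authentication
        request). `authenticate` stands in for that exchange."""
        if not MIN_LEVEL <= target <= MAX_LEVEL:
            raise ValueError("privilege level outside 0..15")
        if target > self.level and authenticate(self.user, target):
            self.level = target
        return self.level

    def disable(self, target=1):
        """Drop back to a lower level; losing privilege needs no authentication."""
        self.level = min(self.level, max(MIN_LEVEL, target))
        return self.level

    def run(self, cmd):
        """Authorize a command against the current level and record the decision."""
        ok = cmd in allowed_commands(self.level)
        self.audit.append((cmd, self.level, ok))
        return ok
```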