On Aug 13, 2018, at 3:19 PM, Joe Clarke <jclarke=40cisco....@dmarc.ietf.org> wrote: > As this document progresses towards ratification, the opsawg chairs are > soliciting people that have implemented TACACS+ clients and/or servers > to read the draft and comment as to whether or not their implementation > is known to be compliant _or_ if it is known _not_ to be compliant.
We've implemented it in FreeRADIUS. (Perhaps mis-named...) * we support the TAC_PLUS_UNENCRYPTED_FLAG, tho that may change. * Does treat TAC_PLUS_AUTHEN_STATUS_FOLLOW as TAC_PLUS_AUTHEN_STATUS_FAIL (follows recommendation in 9.5) * Does not take any steps to ensure the channel is secure (this is left up to the network administrator) * it supports PAP, with CHAP and MS-CHAP in the works > If the latter, and your implementation is known not to be compliant, > what does your implementation do differently? > > If the former, an explicit acknowledgement that your implementation is > compliant (and the name/vendor of said implementation) will be helpful > as this document moves to the IESG. > > If you know of T+ implementors that may not be on the opsawg@ list, > please forward this to them, and ask them to comment on list. > > Thank you. > > Joe (on behalf of the opsawg co-chairs) > > _______________________________________________ > OPSAWG mailing list > OPSAWG@ietf.org > https://www.ietf.org/mailman/listinfo/opsawg _______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg