Hi WG, We've implemented it in HWTACACS.
# we support the TAC_PLUS_UNENCRYPTED_FLAG. # We treat TAC_PLUS_AUTHEN_STATUS_FOLLOW as TAC_PLUS_AUTHEN_STATUS_FAIL (follows recommendation in 9.5) # We follow the recommendation -- "If receiving an unknown mandatory authorization attribute, behave as if it had received TAC_PLUS_AUTHOR_STATUS_FAIL.." (Section 9.5) Best Regards! -Michael ------------------------------------------------------------------------------------------------------------------------------------ [OPSAWG] TACACS+ IMPLEMENTORS: Does your implementation match draft-ietf-opsawg-tacacs? Joe Clarke <jcla...@cisco.com> Mon, 13 August 2018 19:19 UTC As you know, draft-ietf-opsawg-tacacs is working to describe the TACACS+ protocol as it is known to be implemented today. This draft will become an informational document and help inform subsequent works. As this document progresses towards ratification, the opsawg chairs are soliciting people that have implemented TACACS+ clients and/or servers to read the draft and comment as to whether or not their implementation is known to be compliant _or_ if it is known _not_ to be compliant. If the latter, and your implementation is known not to be compliant, what does your implementation do differently? If the former, an explicit acknowledgement that your implementation is compliant (and the name/vendor of said implementation) will be helpful as this document moves to the IESG. If you know of T+ implementors that may not be on the opsawg@ list, please forward this to them, and ask them to comment on list. Thank you. Joe (on behalf of the opsawg co-chairs)
_______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg