A few quick observations on the model - The model defines the client configuration and state parameters only but to be functional for operator use w/ AAA needs a few other things, otherwise this by itself is incomplete - There should likely be an identity of 'tacacsplus' that is base off ietf-system:authentication-method - The 'user-authentication-order' must restrictions in ietf-system would need to be accounted for as is done for radius - Is there intention to add an equivalent 'tacacsplus-authentication' feature much like there is for radius?
Thx /ebben On Jun 20 13:04 PM, Wubo (lana) wrote: > Dear WG, > > We update the 02 version of draft-zheng-opsawg-tacacs-yang-02 to address the > comments from 104 meeting. > https://tools.ietf.org/html/draft-zheng-opsawg-tacacs-yang-02 > > Here are some major changes in this version: > - This draft is focused on TACACS+ Client only YANG. > - Change the module name to ietf-system-tacacsplus. > - Group the all the rw objects together by changing timeout to server > specific. > - Change "network-instance" to "vrf-instance" to make it specific and add > text to describe it. > - Add "source-interface" as a choice to accommodate one more implementation. > > Please help to review the document, comments and suggestions are welcome! > > Thanks, > Bo > > > -----邮件原件----- > 发件人: [email protected] [mailto:[email protected]] > 发送时间: 2019年6月20日 20:38 > 收件人: wangzitao <[email protected]>; Wubo (lana) <[email protected]>; > Zhengguangying (Walker) <[email protected]>; Wubo (lana) > <[email protected]>; wangzitao <[email protected]> > 主题: New Version Notification for draft-zheng-opsawg-tacacs-yang-02.txt > > > A new version of I-D, draft-zheng-opsawg-tacacs-yang-02.txt > has been successfully submitted by Bo Wu and posted to the IETF repository. > > Name: draft-zheng-opsawg-tacacs-yang > Revision: 02 > Title: Yang data model for TACACS+ > Document date: 2019-06-20 > Group: Individual Submission > Pages: 14 > URL: > https://www.ietf.org/internet-drafts/draft-zheng-opsawg-tacacs-yang-02.txt > Status: > https://datatracker.ietf.org/doc/draft-zheng-opsawg-tacacs-yang/ > Htmlized: https://tools.ietf.org/html/draft-zheng-opsawg-tacacs-yang-02 > Htmlized: > https://datatracker.ietf.org/doc/html/draft-zheng-opsawg-tacacs-yang > Diff: > https://www.ietf.org/rfcdiff?url2=draft-zheng-opsawg-tacacs-yang-02 > > Abstract: > This document defines a YANG modules that augment the System data > model defined in the RFC 7317 with TACACS+ client model. The data > model of Terminal Access Controller Access Control System Plus > (TACACS+) client allows the configuration of TACACS+ servers for > centralized Authentication, Authorization and Accounting. > > The YANG modules in this document conforms to the Network Management > Datastore Architecture (NMDA) defined in RFC 8342. > > > > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > > _______________________________________________ > OPSAWG mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/opsawg _______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
