Dear WG, We submitted version 01 of draft-ietf-opsawg-tacacs-yang to resolve comments received on 105 meetings and the mailing list. https://tools.ietf.org/html/draft-ietf-opsawg-tacacs-yang-01
Here are some major changes in this version: - Improve model description and fix language/grammar errors based on John Heasley's comments - Add the identity ‘tacacsplus’ to allow ‘user authentication order’ to use TACACS+ authentication - Add an appendix section to describe TACACS+ authentication configuration The new appendix adds suggestion for the system authentication configuration since there are still two unresolved issues, proposed by Ebben Aries: 1) The 'user-authentication-order' must restrictions 'user-authentication-order' is a leaf-list. But as per RFC7950, the target node of the "augment" statement cannot be a leaf-list. Therefore, must restrictions of TACACS+ Authentication cannot be added. 2) Whether to add 'tacacsplus-authentication' feature like radius TACACS+ not only supports authentication, but also supports authorization and accounting, and in most cases, these three functions are used together. Defining three separate features appears a bit complicated.Therefore, we recommend only defining "tacacsplus" feature. Best Regards, Bo -----邮件原件----- 发件人: [email protected] [mailto:[email protected]] 发送时间: 2019年11月4日 21:00 收件人: wangzitao <[email protected]>; Wubo (lana) <[email protected]>; Zhengguangying (Walker) <[email protected]>; Wubo (lana) <[email protected]>; wangzitao <[email protected]> 主题: New Version Notification for draft-ietf-opsawg-tacacs-yang-01.txt A new version of I-D, draft-ietf-opsawg-tacacs-yang-01.txt has been successfully submitted by Bo Wu and posted to the IETF repository. Name: draft-ietf-opsawg-tacacs-yang Revision: 01 Title: Yang data model for TACACS+ Document date: 2019-11-03 Group: opsawg Pages: 14 URL: https://www.ietf.org/internet-drafts/draft-ietf-opsawg-tacacs-yang-01.txt Status: https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs-yang/ Htmlized: https://tools.ietf.org/html/draft-ietf-opsawg-tacacs-yang-01 Htmlized: https://datatracker.ietf.org/doc/html/draft-ietf-opsawg-tacacs-yang Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-opsawg-tacacs-yang-01 Abstract: This document defines YANG modules that augment the System Management data model defined in the RFC 7317 with TACACS+ client model. The data model of Terminal Access Controller Access Control System Plus (TACACS+) client allows the configuration of TACACS+ servers for centralized Authentication, Authorization and Accounting. The YANG modules in this document conforms to the Network Management Datastore Architecture (NMDA) defined in RFC 8342. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat _______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
