Thu, May 07, 2020 at 03:02:24PM +0200, Ladislav Lhotka:
> > [Bo] Please see if the definition below is correct:
> > typedef tcsplus-server-type {
> >   type bits {
> >     bit authentication {
> >       description
> >         "When set, the server is an authentication server.";
> >     }
> >     bit authorization {
> >       description
> >         "When set, the server is an authorization server.";
> >     }
> >     bit accounting {
> >       description
> >         "When set, the server is an accounting server.";
> >     }
> >     bit all {
> >       description
> >         "When set, the server can be all types of TACACS+ servers.";
> >     }
> >   }
> >   description
> >     "server-type can be set to authentication/authorization/accounting
> >      or any combination of the three types.
> >      When all three types are supported, either \"all\" or the three
> >      bits setting can be used.";
> > }
> >
> > <tp>
> > I would drop the all. I know that I suggested it, or an asterisk, but I
> > was thinking that this was a common case. Joe suggests that no accounting
> > is the commoner - I do not have sufficient exposure to know - in which case
> > I would not bother with 'all'. Whether or not to make auth/auth the
> > default I have no particular view on - as I say, I lack the exposure to be
> > confident about that.
> >
> > Having 'all' adds complexity, two ways to do something, while making a small
> > saving in message size - on balance, not worth it.
>
> Agreed. Lada
Note that enabling certain types of accounting is rare, at least in my
opinion. E.g., enabling login accounting is not rare, while command
accounting is rare because it is expensive, esp. on some particular devices.
Also, rare or not, enabling it for a tacacs server is sort of orthogonal.
It will not be used for that purpose unless some form of accounting is
enabled.
I'll have to look at the model again; I do not recall if the model allows
for particular accounting types w/o augmentation.
_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg