The IESG has approved the following document:
- 'A YANG Module for TACACS+'
  (draft-ietf-opsawg-tacacs-yang-12.txt) as Proposed Standard

This document is the product of the Operations and Management Area Working Group.

The IESG contact persons are Warren Kumari and Robert Wilton.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs-yang/

Technical Summary

This document defines a Terminal Access Controller Access-Control System Plus (TACACS+) client YANG module that augments the System Management data model, defined in RFC 7317, to allow devices to make use of TACACS+ servers for centralized Authentication, Authorization and Accounting (AAA).

Working Group Summary

The contention over TACACS+ in general carried over a bit in the initial development of this document and its module. To alleviate that, the scope was reduced to avoid an overall AAA module and instead focus on configuring the client side of the TACACS+ protocol specifically. Towards the end, there was good feedback on YANG structure, terminology and providing an example to make the module use clearer.

That said, the ietf-system module currently only defines authentication and not authorization and accounting. So, while the TACACS+ module allows specifying a TACACS+ server that can do both authorization and accounting, the configuration nodes for that are not yet in the ietf-system module. The intent, as understood by the doc shepherd, is to propose new work to handle those methods in a more general approach outside the restricted scope of this TACACS+ document.

Document Quality

TACACS+ is certainly implemented and deployed. Huawei has implemented this draft in their devices. It is likely that this YANG module will be implemented by other vendors as part of the wider IETF YANG ecosystem.

The document has undergone various expert-level reviews besides the WG review. In particular, YANG Doctors and SECDIR have reviewed and said it was ready. The comments that arose from those reviews have been addressed in revision -05 of the document.

Personnel

Joe Clarke is the Document Shepherd.
Rob Wilton is the responsible Area Director.
