david t. klein wrote: > > > > Is there any chance that a TACACS+ daemon could be integrated into a > future version of FreeIPA, so that network rights can be assigned and > delegated the same way as system rights? I have looked through Cisco's > tac_plus (ftp://ftp-eng.cisco.com/pub/tacacs), and while I do not have > the development skill to do so, I think that the daemon could be > altered to take its rights-assignments and configuration from a > directory, instead of from configuration file. This functionality > would greatly increase the value of the tool to a couple of > organizations that I have spoken to. >
The chance is always there. However we are not TACACS experts. For us to integrate it into IPA we would need (together with the TACACS community and I am not sure we should work with...) sort out: * Licensing * The TACACS community should make the configuration pluggable so that different plugins can be developed * Then we can work together on the LDAP back end. We can consult and help with the LDAP schema design. I would hope that work will be mostly done by someone who is familiar with TACACS since it will take a lot less time than for us. But we are definitely open for a further discussion. Thank you for your suggestion. If there is a need we are always interested to address it. Dmitri > > > > > Thank you, > > > > -DTK > > > > > > > > -- > david t. klein > > Cisco Certified Network Associate (CSCO11281885) > Linux Professional Institute Certification (LPI000165615) > Redhat Certified Engineer (805009745938860) > > Quis custodiet ipsos custodes? > > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Freeipa-interest mailing list > Freeipa-interest@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-interest _______________________________________________ Freeipa-interest mailing list Freeipa-interest@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-interest