Re: TACACS+ server recommendations?

2023-09-25 Thread Bernhard Schmidt
In gmane.org.operators.nanog, Mike Lewinski via NANOG wrote: >> https://www.shrubbery.net/tac_plus/  > > That tac_plus has python 2 dependencies and so has been removed from > Debian packages. That's not surprising given the last update was 2015 > and Python 2 was EOL in 2020: >

Re: TACACS+ server recommendations?

2023-09-23 Thread Alberto Vargas
It seems they can do it: https://www.miniorange.com/iam/solutions/tacacs-authentication From: NANOG on behalf of Tim Burke Date: Friday, 22 September 2023 17:32 To: North American Network Operators Group, Kevin Burke Subject: Re: TACACS+ server recommendations? Curious about this as well

Re: TACACS+ server recommendations?

2023-09-23 Thread J. Hellenthal via NANOG
Just going to drop this in here ... Privileged Access Management Solutions for Enhanced Cybersecurity | PAM Systems | Fudo Security fudosecurity.com If you are looking for something a little more upbeat -- J. Hellenthal The fact that there's a highway to Hell but only a stairway to Heaven says a lot

Re: TACACS+ server recommendations?

2023-09-22 Thread Mike Lewinski via NANOG
> We are using Okta's RADIUS service for 2fa to network gear currently, > but looking to switch to tacacs+ for many reasons. Would prefer to > implement tacacs+ with two-factor if possible. tac_plus-ng from https://www.pro-bono-publico.de/projects/tac_plus-ng.html has LDAP and PAM backends,

Re: TACACS+ server recommendations?

2023-09-22 Thread Tim Burke
Sent: Friday, September 22, 2023 1:53 PM To: North American Network Operators Group Subject: RE: TACACS+ server recommendations? Is anyone using two factor authentication for network devices? Getting ready to re-do our authentication infrastructure and was curious if this is common. We

RE: TACACS+ server recommendations?

2023-09-22 Thread Kevin Burke via NANOG
Is anyone using two factor authentication for network devices? Getting ready to re-do our authentication infrastructure and was curious if this is common. We are noticing a lot of Active Directory based two factor solutions as well as some TACACS solutions that have already been mentioned

Re: TACACS+ server recommendations?

2023-09-21 Thread Christopher Morrow
On Thu, Sep 21, 2023 at 6:56 AM Jim wrote: ... > My understanding is a good number of password manager products exists which > will handle that, > and then the only AAA which network devices need to be concerned about for > Authentication and > Authorization is Basic password auth, which

Re: TACACS+ server recommendations?

2023-09-21 Thread Christopher Morrow
On Thu, Sep 21, 2023 at 5:40 AM Simon Leinen wrote: > > Christopher Morrow writes: > > On Wed, Sep 20, 2023 at 1:22 PM Jim wrote: > >> > >> Router operating systems still typically use only passwords with > >> SSH, then those devices send the passwords over that insecure channel. I > >> have

Re: TACACS+ server recommendations?

2023-09-21 Thread Jim
On Thu, Sep 21, 2023 at 4:40 AM Simon Leinen wrote: > > Ahem... Cisco supports SSH authentication using *X.509* certificates. > Unfortunately this is not compatible with OpenSSH (the dominant SSH > It's not a great solution, but it is certainly a solution. The feature exists for some

Re: TACACS+ server recommendations?

2023-09-21 Thread Simon Leinen
Christopher Morrow writes: > On Wed, Sep 20, 2023 at 1:22 PM Jim wrote: >> >> Router operating systems still typically use only passwords with >> SSH, then those devices send the passwords over that insecure channel. I >> have yet to >> see much in terms of routers capable to Tacacs+ Authorize

Re: TACACS+ server recommendations?

2023-09-20 Thread Drikus Brits
From a commercial perspective, we've been using Radiator for the last ~7 years. Been working really well, super flexible in terms of user group permissions, authorized commands etc + the upside for us was logging auth logs to SQL, both authentication and authorization logs. It's primarily

Re: TACACS+ server recommendations?

2023-09-20 Thread Christopher Morrow
On Wed, Sep 20, 2023 at 1:22 PM Jim wrote: > > Router operating systems still typically use only passwords with > SSH, then those devices send the passwords over that insecure channel. I > have yet to > see much in terms of routers capable to Tacacs+ Authorize users based on > users' >

Re: TACACS+ server recommendations?

2023-09-20 Thread Douglas Hirata de Moura
Hi Bryan, https://tacacsgui.com/ it might be a good fit for you. On Wed, Sep 20, 2023 at 12:10, Bryan Holloway wrote: > Ah, the good old days when I could download the latest tac_plus code > from the Cisco FTP site, compile it, and off I go. > > But I digress. > > Curious if there

Re: TACACS+ server recommendations?

2023-09-20 Thread Warren Kumari
On Wed, Sep 20, 2023 at 10:22 AM, Jim wrote: > On Wed, Sep 20, 2023 at 11:16 AM Mike Lewinski via NANOG > wrote: > >> > https://www.shrubbery.net/tac_plus/ >> That tac_plus has python 2 dependencies and so has been removed from >> Debian packages. That's not surprising given the last update was

Re: TACACS+ server recommendations?

2023-09-20 Thread Jim
On Wed, Sep 20, 2023 at 11:16 AM Mike Lewinski via NANOG wrote: > > https://www.shrubbery.net/tac_plus/ > That tac_plus has python 2 dependencies and so has been removed from > Debian packages. That's not surprising given the last update was 2015 and > Python 2 was EOL in 2020:

Re: TACACS+ server recommendations?

2023-09-20 Thread Mike Lewinski via NANOG
> https://www.shrubbery.net/tac_plus/  That tac_plus has python 2 dependencies and so has been removed from Debian packages. That's not surprising given the last update was 2015 and Python 2 was EOL in 2020: https://www.python.org/doc/sunset-python-2/ Currently I favor this one which is still

Re: TACACS+ server recommendations?

2023-09-20 Thread Warren Kumari
On Wed, Sep 20, 2023 at 8:09 AM, Bryan Holloway wrote: > Ah, the good old days when I could download the latest tac_plus code from > the Cisco FTP site, compile it, and off I go. > You might be thinking of the Shrubbery one — https://www.shrubbery.net/tac_plus/ There are newer, fancier, etc

Re: TACACS+ server recommendations?

2023-09-20 Thread Jeff Moore
We have also used https://www.shrubbery.net/tac_plus/ for some time as well. Great product! JM On Wed, Sep 20, 2023 at 8:15 AM Mark Tinka wrote: > > > On 9/20/23 17:09, Bryan Holloway wrote: > > > Ah, the good old days when I could download the latest tac_plus code > > from the Cisco FTP

Re: TACACS+ server recommendations?

2023-09-20 Thread Mark Tinka
On 9/20/23 17:39, Jeff Moore wrote: We have also used https://www.shrubbery.net/tac_plus/ for some time as well. Great product! Yes, that's one of the ones in the FreeBSD ports. Works very well. Mark.

Re: TACACS+ server recommendations?

2023-09-20 Thread Mark Tinka
On 9/20/23 17:09, Bryan Holloway wrote: Ah, the good old days when I could download the latest tac_plus code from the Cisco FTP site, compile it, and off I go. But I digress. Curious if there are any operators out there that have a good recommendation on a lightweight TACACS+ server for

TACACS+ server recommendations?

2023-09-20 Thread Bryan Holloway
Ah, the good old days when I could download the latest tac_plus code from the Cisco FTP site, compile it, and off I go. But I digress. Curious if there are any operators out there that have a good recommendation on a lightweight TACACS+ server for ~200 NEs and access-control for 20-30 folks.