Strategy Advice
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Wed Apr 30 10:43:07 CEST 2008
Alan DeKok wrote:
> Stefan Winter wrote:
>
>> Don't know if this is an issue for you, but: Cisco equipment does not
>> support command authorization via RADIUS (*any* RADIUS...) [for pure
>> business greed reasons]. So if you really need per-command
>> authorization, you'll have to stick with TACACS+ which, sadly, is well
>> catered by ACS.
>>
>
> There's a tacp2rad program which hasn't been maintained... but it works.
>
> Adding that to the FreeRADIUS portfolio wouldn't be hard, if there was
> a demand for it.
>
>
I'd find that useful, many of the more advanced command ACLs on HP kit
can only be accessed when authenticating against a TACACS+ server.
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
--
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
More information about the Freeradius-Users
mailing list