Strategy Advice

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Wed Apr 30 10:43:07 CEST 2008


Alan DeKok wrote:
> Stefan Winter wrote:
>   
>> Don't know if this is an issue for you, but: Cisco equipment does not
>> support command authorization via RADIUS (*any* RADIUS...) [for pure
>> business greed reasons]. So if you really need per-command
>> authorization, you'll have to stick with TACACS+ which, sadly, is well
>> catered by ACS.
>>     
>
>   There's a tacp2rad program which hasn't been maintained... but it works.
>
>   Adding that to the FreeRADIUS portfolio wouldn't be hard, if there was
> a demand for it.
>
>   
I'd find that useful, many of the more advanced command ACLs on HP kit 
can only be accessed when authenticating against a TACACS+ server.
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>   


-- 
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08 
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900




More information about the Freeradius-Users mailing list