TACACS+ is now in the v4.0.x branch
Alan DeKok
aland at deployingradius.com
Fri Feb 3 17:00:03 CET 2017
On Feb 3, 2017, at 10:47 AM, Michael Ströder <michael at stroeder.com> wrote:
> Haven't looked at it for a while but I vaguely remember the I-D above was just meant to
> document current TACACS+ usage and not to fix the protocol's deficiencies. This scope
> might have changed but I don't know.
This was discussed a lot on the IETF OPSAWG mailing list. The draft (all revisions) can best be described as vaguely hinting at the protocol. It in no way gives sufficient information for someone to create an inter-operable version.
After many reviews, the authors don't seem to be clear on this point. The text is philosophical instead of prescriptive.
> I sort of expected "man unlang". ;-)
Having a module which reads and enforces the standard TACACS+ file format would be greatly beneficial.
Alan DeKok.
More information about the Freeradius-Users
mailing list