[167790] in North American Network Operators' Group
Re: The state of TACACS+
daemon@ATHENA.MIT.EDU (Saku Ytti)
Mon Dec 30 09:00:12 2013
Date: Mon, 30 Dec 2013 15:59:48 +0200
From: Saku Ytti <saku@ytti.fi>
To: nanog list <nanog@nanog.org>
In-Reply-To: <CAL9jLaY5DzD+sTkcec2BqxciTAKdnCQxTNcRe0iGfJK3UpNHgg@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On (2013-12-30 08:49 -0500), Christopher Morrow wrote:
> Nor accounting...
I think this is probably sufficient justification for TACACS+. I'm not sure if
command authorization is sufficient, as you can deliver group via radius which
maps to authorized commands.
But if you must support accounting, per-command authorization comes as free
gift more or less.
--
++ytti
