The state of TACACS+

• Previous message (by thread): The state of TACACS+
• Next message (by thread): The state of TACACS+
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Dec 30, 2013 9:01 AM, "Saku Ytti" <saku at ytti.fi> wrote:
>
> On (2013-12-30 08:49 -0500), Christopher Morrow wrote:
>
> > Nor accounting...
>
> I think this is probably sufficient justification for TACACS+. I'm not
sure if
> command authorization is sufficient, as you can deliver group via radius
which
> maps to authorized commands.
> But if you must support accounting, per-command authorization comes as
free
> gift more or less.
>

Yes. Per-command auth and accounting is needed.

So what we need is tacacs over TLS (sctp / ipv6)

I agree tacacs is long in the tooth and needs to be revisited and invested
in.  Please take my money (serious)

CB

> --
>   ++ytti
>

• Previous message (by thread): The state of TACACS+
• Next message (by thread): The state of TACACS+
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]