Zum Hauptinhalt springen

Appendix A. Example TACACS+ Authentication Configuration with Shared Secret

Dieser Abschnitt bewahrt den RFC-Text zum TACACS+ client YANG model, einschliesslich RFC 9105 changes, TLS 1.3 support, ietf-system-tacacs-plus module, credential references, NACM-sensitive nodes, IANA registrations, JSON examples und full tree.

Originaler RFC-Text

Appendix A.  Example TACACS+ Authentication Configuration with Shared
Secret

Figure 2 shows an example where a TACACS+ authentication server
instance is configured using a shared secret for authentication.
This mode is not recommended per [RFC9887].

{
"ietf-system:system": {
"authentication": {
"user-authentication-order": [
"ietf-system-tacacs-plus:tacacs-plus",
"ietf-system:local-users"
]
},
"ietf-system-tacacs-plus:tacacs-plus": {
"server": [
{
"name": "tac_plus1",
"server-type": "authentication",
"address": "192.0.2.2",
"shared-secret": "QaEfThUkO198010075460923+h3TbE8n",
"source-ip": "192.0.2.12",
"timeout": 10
}
]
}
}
}

Figure 2: Example with Shared Secret

Figure 3 provides an example to associate a TACACS+ server with a
VRF.

{
"ietf-network-instance:network-instances": {
"network-instance": [
{
"name": "MANAGEMENT_VRF",
"description": "Management VRF for TACACS+ traffic isolation"
}
]
},
"ietf-system:system": {
"authentication": {
"user-authentication-order": [
"ietf-system-tacacs-plus:tacacs-plus",
"ietf-system:local-users"
]
},
"ietf-system-tacacs-plus:tacacs-plus": {
"server": [
{
"name": "tac_plus1",
"server-type": "authentication",
"address": "192.0.2.2",
"shared-secret": "QaEfThUkO198010075460923+h3TbE8n",
"source-ip": "192.0.2.12",
"vrf-instance": "MANAGEMENT_VRF",
"timeout": 10
}
]
}
}
}

Figure 3: Example with VRF