Aller au contenu principal

1. Introduction

Cette section conserve le texte RFC relatif au TACACS+ client YANG model, y compris RFC 9105 changes, TLS 1.3 support, ietf-system-tacacs-plus module, credential references, NACM-sensitive nodes, IANA registrations, JSON examples et full tree.

Texte RFC original

1.  Introduction

The System Management data model [RFC7317] defines separate
functionality to support local and Remote Authentication Dial-In User
Service (RADIUS) authentication:

User Authentication Model: Defines a list of usernames with
associated passwords and a configuration leaf to decide the order
in which local or RADIUS authentication is used.

RADIUS Client Model: Defines a list of RADIUS servers used by a
device for centralized user authentication.

[RFC9105] defines a YANG module ("ietf-system-tacacs-plus") that
augments the System Management data model [RFC7317] for the
management of Terminal Access Controller Access-Control System Plus
(TACACS+) clients as an alternative to RADIUS servers [RFC2865].
Typically, the "ietf-system-tacacs-plus" module is used to configure
a TACACS+ client on a device to support deployment scenarios with
centralized Authentication, Authorization, and Accounting (AAA)
servers.

This document defines a YANG module for managing TACACS+ clients
(Section 4), including TACACS+ over TLS 1.3 clients [RFC9887]. This
document obsoletes [RFC9105].

The YANG module in this document conforms to the Network Management
Datastore Architecture (NMDA) defined in [RFC8342].

1.1. Changes Since RFC 9105

The following changes have been made to [RFC9105]:

* Added support for TLS [RFC9887]

* Added a constraint to ensure that the list of servers is unique
per address/port number

* Updated the description of 'address' to be consistent with the
type

* Fixed a 'must' statement under 'tacacs-plus'

* Fixed errors in the example provided in Appendix A of [RFC9105]

* Added an example to illustrate the use of VPN Routing and
Forwarding (VRF)

* Added new examples to illustrate the use of TACACS+ over TLS data
nodes

Detailed changes to the YANG module are listed in Section 4.