Appendix A. Example TACACS+ Authentication Configuration with Shared Secret
Cette section conserve le texte RFC relatif au TACACS+ client YANG model, y compris RFC 9105 changes, TLS 1.3 support, ietf-system-tacacs-plus module, credential references, NACM-sensitive nodes, IANA registrations, JSON examples et full tree.
Texte RFC original
Appendix A. Example TACACS+ Authentication Configuration with Shared
Secret
Figure 2 shows an example where a TACACS+ authentication server
instance is configured using a shared secret for authentication.
This mode is not recommended per [RFC9887].
{
"ietf-system:system": {
"authentication": {
"user-authentication-order": [
"ietf-system-tacacs-plus:tacacs-plus",
"ietf-system:local-users"
]
},
"ietf-system-tacacs-plus:tacacs-plus": {
"server": [
{
"name": "tac_plus1",
"server-type": "authentication",
"address": "192.0.2.2",
"shared-secret": "QaEfThUkO198010075460923+h3TbE8n",
"source-ip": "192.0.2.12",
"timeout": 10
}
]
}
}
}
Figure 2: Example with Shared Secret
Figure 3 provides an example to associate a TACACS+ server with a
VRF.
{
"ietf-network-instance:network-instances": {
"network-instance": [
{
"name": "MANAGEMENT_VRF",
"description": "Management VRF for TACACS+ traffic isolation"
}
]
},
"ietf-system:system": {
"authentication": {
"user-authentication-order": [
"ietf-system-tacacs-plus:tacacs-plus",
"ietf-system:local-users"
]
},
"ietf-system-tacacs-plus:tacacs-plus": {
"server": [
{
"name": "tac_plus1",
"server-type": "authentication",
"address": "192.0.2.2",
"shared-secret": "QaEfThUkO198010075460923+h3TbE8n",
"source-ip": "192.0.2.12",
"vrf-instance": "MANAGEMENT_VRF",
"timeout": 10
}
]
}
}
}
Figure 3: Example with VRF