Yang data model for TACACS+
draft-ietf-opsawg-tacacs-yang-08

Document Type: Active Internet-Draft (opsawg WG)
Last updated: 2020-08-29
Replaces: draft-zheng-opsawg-tacacs-yang
Stream: IETF
Intended RFC status: Proposed Standard
Yang Validation: 0 errors, 0 warnings.
Additional Resources:
- Yang catalog entry for ietf-system-tacacs-plus@2020-08-28.yang
- Yang impact analysis for draft-ietf-opsawg-tacacs-yang
WG state: Submitted to IESG for Publication
Document shepherd: Joe Clarke
Shepherd write-up: last changed 2020-06-01
IESG state: AD Evaluation
Consensus Boilerplate: Yes
Responsible AD: Robert Wilton
Send notices to: Joe Clarke <jclarke@cisco.com>
Network Working Group                                           G. Zheng
Internet-Draft                                                   M. Wang
Intended status: Standards Track                                   B. Wu
Expires: March 2, 2021                                            Huawei
                                                         August 29, 2020

                      Yang data model for TACACS+
                    draft-ietf-opsawg-tacacs-yang-08

Abstract

   This document defines a TACACS+ client YANG module that augments the
   System Management data model, defined in RFC 7317, to allow devices
   to make use of TACACS+ servers for centralized Authentication,
   Authorization and Accounting.

   The YANG module in this document conforms to the Network Management
   Datastore Architecture (NMDA) defined in RFC 8342.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 2, 2021.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must

Zheng, et al.             Expires March 2, 2021                 [Page 1]
Internet-Draft             TACACS+ YANG model                August 2020

   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Conventions used in this document . . . . . . . . . . . . . .   3
     2.1.  Tree Diagrams . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Design of the TACACS+ Data Model  . . . . . . . . . . . . . .   3
   4.  TACACS+ Client Module . . . . . . . . . . . . . . . . . . . .   5
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .  11
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  12
   7.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .  13
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  13
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .  13
     8.2.  Informative References  . . . . . . . . . . . . . . . . .  14
   Appendix A.  Example TACACS+ Authentication Configuration . . . .  14
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  15

1.  Introduction

   This document defines a YANG module that augments the System
   Management data model defined in [RFC7317] to support the
   configuration and management of TACACS+ clients.

   TACACS+ [I-D.ietf-opsawg-tacacs] provides device administration for
   routers, network access servers and other networked devices via one
   or more centralized servers.

   The System Management Model [RFC7317] defines separate functionality
   to support local and RADIUS authentication:

   o  User Authentication Model: Defines a list of usernames with
      associated passwords and a configuration leaf to decide the order
      in which local or RADIUS authentication is used.

   o  RADIUS Client Model: Defines a list of RADIUS servers used by a
      device for centralized user authentication.

   The System Management Model is augmented with the TACACS+ YANG module
   defined in this document to allow the use of TACACS+ servers as an
   alternative to RADIUS servers or local user configuration.

   The YANG module can be used with network management protocols such as
   NETCONF [RFC6241].

   The YANG module in this document conforms to the Network Management
   Datastore Architecture (NMDA) defined in [RFC8342].

2.  Conventions used in this document

   The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in