On Dec 30, 2013 9:01 AM, "Saku Ytti" <s...@ytti.fi> wrote: > > On (2013-12-30 08:49 -0500), Christopher Morrow wrote: > > > Nor accounting... > > I think this is probably sufficient justification for TACACS+. I'm not sure if > command authorization is sufficient, as you can deliver group via radius which > maps to authorized commands. > But if you must support accounting, per-command authorization comes as free > gift more or less. >
Yes. Per-command auth and accounting is needed. So what we need is tacacs over TLS (sctp / ipv6) I agree tacacs is long in the tooth and needs to be revisited and invested in. Please take my money (serious) CB > -- > ++ytti >