Hi Alexey, Many thanks for the review and going through the issues that you found, the corrections for which I believe made the document considerably less bad.
Regarding the issue you mentioned below, it is another very valid point. I don’t think that the first change I made was sufficiently clear. I am proposing to add a new para to this section as follows: “ As mentioned above, this field is used by the client to indicate how it performed the authentication. One of the options (TAC_PLUS_AUTHEN_METH_TACACSPLUS := 0x06) is TACACS+ itself, and so the detail of how the client performed this option is given in Authentication Section (Section 5). For all other options, such as KRB and RADIUS, then TACACS+ protocol did not play any part in the authentication phase; as those interactions were not conducted using the TACACS+ protocol they will not be documented here. For implementers of clients who need details of the other protocols, please refer to the respective Kerberos [RFC4120] and RADIUS [RFC3579] RFCs.” Originally I had intended to try to avoid adding references to the other protocols to minimize references which may go stale, but I’m sure the readers can redirect if needed. Many thanks, Doug. On 18/03/2020, 13:28, "Alexey Melnikov" <aamelni...@fastmail.fm> wrote: Hi Douglas, On Mon, Jan 27, 2020, at 8:28 PM, Douglas Gash (dcmgash) wrote: > 5) KRB5 and KRB4 need normative references. > TA> The KRB5 and KRB4 are not specifically used in this document, > rather, there is one field with an option that the client uses to > indicate how it authenticated, and these are option. This is not > verifiable, so it is recomended in the documen tnot to use this field > for policy.For this reason, it is not really useful to provide a > normative reference, but it is required for the document to explai > this. So have added:[AI+TA] Please add Informative references for them then. If I decide to implement TACACS+ and don't know anything about Kerberos, I wouldn't know where to look. All your other changes are either good or I can at least live with them. Best Regards, Alexey _______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg