Re: [OPSAWG] I-D Action: draft-ietf-opsawg-tacacs-02.txt

2016-04-22 Thread Joe Clarke

I've done a quick read-through of the draft, and I have a few comments.

* Assuming someone is completely unfamiliar with T+ and they came across 
this draft, they might assume "TACACS" stood for something, but it is 
not expanded.  Since this draft describes the protocol, I think it would 
be good to expand the acronym in the intro paragraph.


* There is terminology spread throughout the draft (e.g., MD5, 
'TheDraft', session, etc.).  I've seen such things summarized early on 
in a glossary in other long drafts.  It might make it easier for a 
reader to refer to if that was done here as well.


* There is a lot of use of NULL in this document where you either mean 
NUL byte termination or an empty field.  It would be helpful to clarify 
the usage where you mean a NUL ASCII byte or a field with a zero length 
value.


* In Section 4.1, the username is stated to be encoded in UTF-8.  This 
is not the case in the _current_ implementation of the protocol.  A code 
inspection of at least the tac_plus4 module shows this is as US-ASCII as 
some of the other fields.


* In Section 4.1 as well, the various AUTHEN_SVC types are defined, but 
only ENABLE (and NONE to some extent) is really described.  It would be 
useful to describe the others as well.


* In Section 4.2, the "data" field is mentioned and says it will be 
described in more detail per authen_type below. Since the START, REPLY, 
and CONTINUE packets each have a "data" field, and their respective 
sections all point to details "below," it's hard to discern what field 
is being described.  While I was able to figure out what I'd see in 
various START and CONTINUE packets, I didn't see much on what I'd see in 
the REPLY.  For example, where can I expect to see custom authn prompts 
pushed?


* In Section 5.1, you define TAC_PLUS_AUTHEN_METH_LINE as a "fixed 
password associated with the line used to gain access."  I don't think 
it's clear what a "line" is.  It might be better to say "terminal line" 
or "terminal port."


That's it for now.

Joe

On 4/12/16 09:41, internet-dra...@ietf.org wrote:


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Operations and Management Area Working Group 
of the IETF.

Title   : The TACACS+ Protocol
Authors : Thorsten Dahm
  Andrej Ota
  Douglas C. Medway Gash
  David Carrel
  Lol Grant
Filename: draft-ietf-opsawg-tacacs-02.txt
Pages   : 35
Date: 2016-04-11

Abstract:
   TACACS+ provides Device Administration for routers, network access
   servers and other networked computing devices via one or more
   centralized servers.  This document describes the protocol that is
   used by TACACS+.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-opsawg-tacacs-02

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-opsawg-tacacs-02


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

___
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg





[OPSAWG] I-D Action: draft-ietf-opsawg-tacacs-02.txt

2016-04-12 Thread internet-drafts

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Operations and Management Area Working Group 
of the IETF.

Title   : The TACACS+ Protocol
Authors : Thorsten Dahm
  Andrej Ota
  Douglas C. Medway Gash
  David Carrel
  Lol Grant
Filename: draft-ietf-opsawg-tacacs-02.txt
Pages   : 35
Date: 2016-04-11

Abstract:
   TACACS+ provides Device Administration for routers, network access
   servers and other networked computing devices via one or more
   centralized servers.  This document describes the protocol that is
   used by TACACS+.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-opsawg-tacacs/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-opsawg-tacacs-02

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-opsawg-tacacs-02


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
