IETF Logo Mail Archive

[OPSAWG] re opsawg-tacacs-yang & ietf-system user-authen-order

john heasley <heas@shrubbery.net> Wed, 20 November 2019 03:17 UTC

Return-Path: <heas@shrubbery.net>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54B74120236 for <opsawg@ietfa.amsl.com>; Tue, 19 Nov 2019 19:17:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g2r5W_ssxtCG for <opsawg@ietfa.amsl.com>; Tue, 19 Nov 2019 19:17:46 -0800 (PST)
Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2BA2912002E for <opsawg@ietf.org>; Tue, 19 Nov 2019 19:17:46 -0800 (PST)
Received: by guelah.shrubbery.net (Postfix, from userid 7053) id E19D52442F3; Wed, 20 Nov 2019 03:17:45 +0000 (UTC)
Date: Wed, 20 Nov 2019 03:17:45 +0000
From: john heasley <heas@shrubbery.net>
To: opsawg@ietf.org
Message-ID: <20191120031745.GC49549@shrubbery.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc
X-note: live free, or die!
X-homer: i just want to have a beer while i am caring.
X-Claimation: an engineer needs a manager like a fish needs a bicycle
X-reality: only YOU can put an end to the embarrassment that is Tom Cruise
User-Agent: Mutt/1.12.2 (2019-09-21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/KYyQU6qw5timlRM9W_MnWmFMM-Q>
Subject: [OPSAWG] re opsawg-tacacs-yang & ietf-system user-authen-order
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Nov 2019 03:17:47 -0000

Regarding the question, on the second to last page of the opsawg-tacacs-yang
presentation slides, about the must in model ietf-system, which I believe was
whether to add a must for tacacs, remove the must for radius, or do nothing;
that must seems wrong to me.

I would expect the system to react no differently to missing sever
configuration than to a list of servers that all fail to respond.  Some
vendors have done this historically in cli.

Whether ietf-system should be changed, I do not know it is worth the effort.
If the WG agrees that its existence is wrong, that might be another question
for yang doctors.

v2.23.0 | Report a Bug | By Email