[OPSAWG] Addenda to the T+ informational draft

"Douglas Gash (dcmgash)" <dcmgash@cisco.com> Tue, 15 September 2020 07:00 UTC

From: "Douglas Gash (dcmgash)" <dcmgash@cisco.com>
To: "draft-ietf-opsawg-tacacs@ietf.org" <draft-ietf-opsawg-tacacs@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>
Date: Tue, 15 Sep 2020 07:00:49 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/d3DVVe7v5be4mb6CRTyCLAxQbBQ>
Subject: [OPSAWG] Addenda to the T+ informational draft

Dear Opsawg,

Now that the T+ draft is released from the editor stage, I have asked for Alan’s comment to be incorporated, and submitted one other addendum for clarification on command accounting, into the accounting attributes section:

“Where the TACACS+ deployment is used to support the Device Administration use case,
it is often required to log all commands entered into client devices. To support this mode of operation,
TACACS+ client devices MUST be configured to send an accounting start packet for every command entered,
irrespective of how the commands were authorized. These “Command Accounting” packets
MUST include the “service” and “cmd” arguments, and if needed, the “cmd-arg”
arguments detailed in section 8.1 (authorization attributes) section.”

The intent here is to clarify the content of the command accounting packets, which are an optional requirement but should be the way that command accounting is done if it is needed.

Please LMK if there are any issues/concerns and I will update the addenda.

Many thanks.
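
An added example, not part of the original message or of the draft: a compliance check that parses a TACACS+ accounting REQUEST body and reports where it falls short of the quoted text (START flag set, "service" and "cmd" arguments present). It assumes the body has already been de-obfuscated and follows the accounting REQUEST layout of the TACACS+ specification (RFC 8907); the function names and the sample packets are constructed for illustration.

```python
import struct

ACCT_FLAG_START = 0x02  # TAC_PLUS_ACCT_FLAG_START

def build_acct_body(flags, user, port, rem_addr, args):
    """Build an unobfuscated accounting REQUEST body (used for the constructed samples)."""
    enc = [a.encode("ascii") for a in args]
    # flags, authen_method, priv_lvl, authen_type, authen_service, then length fields
    head = struct.pack("9B", flags, 0x06, 1, 1, 1,
                       len(user), len(port), len(rem_addr), len(enc))
    return (head + bytes(len(a) for a in enc) + user.encode("ascii")
            + port.encode("ascii") + rem_addr.encode("ascii") + b"".join(enc))

def parse_acct_args(body):
    """Return (flags, [(name, value), ...]); raise ValueError on inconsistent lengths."""
    if len(body) < 9:
        raise ValueError("body shorter than the fixed header")
    flags, _, _, _, _, ulen, plen, rlen, argc = struct.unpack("9B", body[:9])
    arg_lens = body[9:9 + argc]
    off = 9 + argc + ulen + plen + rlen  # skip user, port and rem_addr
    if len(arg_lens) != argc or off + sum(arg_lens) != len(body):
        raise ValueError("length fields do not match body size")
    pairs = []
    for n in arg_lens:
        raw = body[off:off + n].decode("ascii", "replace")
        off += n
        # '=' marks a mandatory argument, '*' an optional one; the first separator wins
        idx = min((i for i in (raw.find("="), raw.find("*")) if i >= 0), default=-1)
        if idx < 1:
            raise ValueError(f"argument without name or separator: {raw!r}")
        pairs.append((raw[:idx], raw[idx + 1:]))
    return flags, pairs

def command_accounting_violations(body):
    """List the ways a body falls short of the quoted command-accounting text."""
    flags, pairs = parse_acct_args(body)
    names = {name for name, _ in pairs}
    problems = [] if flags & ACCT_FLAG_START else ["START flag not set"]
    problems += [f"missing '{a}' argument" for a in ("service", "cmd") if a not in names]
    return problems

# Constructed samples, not captured traffic.
GOOD = build_acct_body(0x02, "alice", "tty1", "192.0.2.10",
                       ["task_id=17", "service=shell", "cmd=show", "cmd-arg=running-config"])
BAD = build_acct_body(0x04, "alice", "tty1", "192.0.2.10",  # STOP only, no cmd
                      ["task_id=18", "service=shell"])

if __name__ == "__main__":
    print(command_accounting_violations(GOOD))
    print(command_accounting_violations(BAD))
```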