[Freeipa-interest] Future direction (feature request)
Dmitri Pal
dpal at redhat.com
Mon Jun 28 14:21:50 UTC 2010
david t. klein wrote:
>
>
>
> Is there any chance that a TACACS+ daemon could be integrated into a
> future version of FreeIPA, so that network rights can be assigned and
> delegated the same way as system rights? I have looked through Cisco's
> tac_plus (ftp://ftp-eng.cisco.com/pub/tacacs), and while I do not have
> the development skill to do so, I think that the daemon could be
> altered to take its rights-assignments and configuration from a
> directory, instead of from configuration file. This functionality
> would greatly increase the value of the tool to a couple of
> organizations that I have spoken to.
>
The chance is always there. However we are not TACACS experts.
For us to integrate it into IPA we would need (together with the TACACS
community and I am not sure we should work with...) sort out:
* Licensing
* The TACACS community should make the configuration pluggable so that
different plugins can be developed
* Then we can work together on the LDAP back end. We can consult and
help with the LDAP schema design. I would hope that work will be mostly
done by someone who is familiar with TACACS since it will take a lot
less time than for us.
But we are definitely open for a further discussion.
Thank you for your suggestion. If there is a need we are always
interested to address it.
Dmitri
>
>
>
>
> Thank you,
>
>
>
> -DTK
>
>
>
>
>
>
>
> --
> david t. klein
>
> Cisco Certified Network Associate (CSCO11281885)
> Linux Professional Institute Certification (LPI000165615)
> Redhat Certified Engineer (805009745938860)
>
> Quis custodiet ipsos custodes?
>
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Freeipa-interest mailing list
> Freeipa-interest at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-interest
More information about the Freeipa-interest
mailing list