[Freeipa-users] Feature request: TACACS+ integration

[david klein]

Sorry to those who have already seen this; I posted to the wrong
mailing list (the -interest mailing list instead of the -users list).

As an NMS engineer, I have a use for integrated TACACS+ with a unified
identity solution, so that the same account name and password can
grant access for managing network infrastructure devices as well as
UNIX and Linux servers, and so that network rights can be assigned and
delegated through the same GUI as systems rights.

There is an open source TACACS+ service called "tac_plus", which used
to be maintained by Cisco, and which is now maintained by Shrubbery
Networks, Inc (http://www.shrubbery.net/tac_plus/). It appears that
under Shrubbery's guidance and development, the tac_plus daemon can
use LDAP by way of PAM to handle authentication, according to
http://www.shrubbery.net/tac_plus/PAM_guide.txt. At this point, only
authentication appears to have been externalized, but it does prove
the concept.

How does Redhat currently measure the degree of interest in possible
features for inclusion in the FreeIPA/EnterpriseIPA product, and would
it be worthwhile to gather statements from other systems
administrators to help demonstrate the desirability and usefulness of
this feature request? This would be a very helpful capability, as it
would remove dependence on ACS, which is expensive and complex (and
complicated) TACACS+ server.



Thank you,

 -DTK



-- 

david t. klein

Cisco Certified Network Associate (CSCO11281885)
Linux Professional Institute Certification (LPI000165615)
Redhat Certified Engineer (805009745938860)

Quis custodiet ipsos custodes?