Re: [Last-Call] Yangdoctors last call review of draft-ietf-opsawg-tacacs-yang-03


 



From: OPSAWG <opsawg-bounces@xxxxxxxx> on behalf of Wubo (lana) <lana.wubo@xxxxxxxxxx>
Sent: 07 May 2020 09:08

Hi Lada, Joe,

Thanks for the guidance, please see inline.

Thanks,
Bo

-----Original Message-----
From: Ladislav Lhotka [mailto:ladislav.lhotka@xxxxxx]
Sent: 7 May 2020 14:38

"Joe Clarke (jclarke)" <jclarke@xxxxxxxxx> writes:

>> - Is it correct that the server type may be either one of "authentication", "authorization" or "accounting", or all of them? Is it impossible for a server to be authentication & authorization but not accounting? Such a variant cannot be configured.
>> [Bo] OK, will correct when the final guidance on this issue is received.
>
> Lada replied yesterday to say that the bit string is likely preferred similar to access-operations in ietf-netconf-acm.  I might personally discourage the use of ‘*’ for this given that there are only three types, but that’s just my individual thought.

+1

I think it is better to have all three types explicitly in the value. Perhaps this could also be the default?

Lada
[Bo] Please see if the definition below is correct:
  typedef tcsplus-server-type {
       type bits {
         bit authentication {
           description
             "When set, the server is an authentication server.";
         }
         bit authorization {
           description
             "When set, the server is an authorization server.";
         }
         bit accounting {
           description
             "When set, the server is an accounting server.";
         }
         bit all {
           description
             "When set, the server can be all types of TACACS+ servers.";
         }

       }
       description
         "server-type can be set to authentication/authorization/accounting or any combination of the three types.
          When all three types are supported, either \"all\" or the three bits setting can be used.";
     }

<tp>
I would drop the all. I know that I suggested it, or an asterisk, but I was thinking that this was a common case. Joe suggests that no accounting is the commoner - I do not have sufficient exposure to know - in which case I would not bother with 'all'. Whether or not to make auth/auth the default I have no particular view on - as I say, I lack the exposure to be confident about that.

Having 'all' adds complexity, two ways to do something, while making a small saving in message size - on balance, not worth it.

Tom Petch 

>
> Joe
>

--
Ladislav Lhotka
Head, CZ.NIC Labs
PGP Key ID: 0xB8F92B08A9F76C67
_______________________________________________
OPSAWG mailing list
OPSAWG@xxxxxxxx
https://www.ietf.org/mailman/listinfo/opsawg
-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
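
The "two ways to do the same thing" concern raised in this thread, worked through as an added example that is not part of any message above: it enumerates every canonical `bits` value that means "all three server types", with and without the extra `all` bit. Bit names and order follow the typedef quoted in the thread; the helper names are hypothetical.

```python
from itertools import combinations

# Bit names and positions mirror the typedef quoted in the thread.
ROLES = ("authentication", "authorization", "accounting")
WITH_ALL = ROLES + ("all",)  # the variant that also carries an 'all' bit


def parse_bits(value, bits):
    """Parse a YANG 'bits' lexical value: space-separated names of the set bits."""
    names = set(value.split())
    unknown = names - set(bits)
    if unknown:
        raise ValueError(f"unknown bit(s): {sorted(unknown)}")
    return frozenset(names)


def canonical(flags, bits):
    """RFC 7950 canonical form: set bits ordered by position, single spaces."""
    return " ".join(b for b in bits if b in flags)


def effective_roles(flags):
    """Roles the server actually fills; 'all' implies every role."""
    return frozenset(ROLES) if "all" in flags else frozenset(flags)


def spellings_of(roles, bits):
    """Every canonical value of this typedef that yields the given role set."""
    out = []
    for n in range(len(bits) + 1):
        for combo in combinations(bits, n):
            if effective_roles(frozenset(combo)) == frozenset(roles):
                out.append(canonical(combo, bits))
    return out


if __name__ == "__main__":
    for bits in (WITH_ALL, ROLES):
        print(len(bits), "bits ->", spellings_of(ROLES, bits))
    # Input order does not matter once the value is canonicalised.
    print(canonical(parse_bits("authorization authentication", ROLES), ROLES))
```

With the `all` bit, a configuration audit or diff that compares leaf values as strings has to normalise them first; with three bits, the canonical value alone identifies the server's roles.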



