Hi John, Thanks for the review. Please see inline. Regards, Bo -----邮件原件----- 发件人: john heasley [mailto:heas@xxxxxxxxxxxxx] 发送时间: 2020年5月8日 2:10 收件人: Ladislav Lhotka <ladislav.lhotka@xxxxxx> 抄送: tom petch <ietfc@xxxxxxxxxxxxx>; Wubo (lana) <lana.wubo@xxxxxxxxxx>; Joe Clarke (jclarke) <jclarke@xxxxxxxxx>; yang-doctors@xxxxxxxx; opsawg@xxxxxxxx; draft-ietf-opsawg-tacacs-yang.all@xxxxxxxx; last-call@xxxxxxxx 主题: Re: [Last-Call] Yangdoctors last call review of draft-ietf-opsawg-tacacs-yang-03 Thu, May 07, 2020 at 03:02:24PM +0200, Ladislav Lhotka: > > [Bo] Please see if the definition below is correct: > > typedef tcsplus-server-type { > > type bits { > > bit authentication { > > description > > "When set, the server is an authentication server."; > > } > > bit authorization { > > description > > "When set, the server is an authorization server."; > > } > > bit accounting { > > description > > "When set, the server is an accounting server."; > > } > > bit all { > > description > > "When set, the server can be all types of TACACS+ servers."; > > } > > > > } > > description > > "server-type can be set to authentication/authorization/accounting or any combination of the three types. > > When all three types are supported, either "all" or the three bits setting can be used; > > } > > > > <tp> > > I would drop the all. I know that I suggested it, or an asterisk, but I was thinking that this was a common case. Joe suggests that no accounting is the commoner - I do not have sufficient exposure to know - in which case I would not bother with 'all'. Whether or not to make auth/auth the default I have no particular view on - as I say, I lack the exposure to be confident about that. > > > > Having 'all' adds complexity, two ways to something, while making a small saving in message size - on balance, not worth it. > > Agreed. Lada Note that enabling certain types of accounting is rare, at least in my opinion. eg: enabling login accounting is not rare, while command accounting is rare because it is expensive esp. on some particular devices. Also, rare or not, enabling it for a tacacs server is sort of orthogonal. it will not be used for that purpose unless some form of accounting is enabled. I'll have to look at the model again; i do not recall if the model allows for particular accounting types w/o augmentation. [Bo] The accounting type you mentioned, I understand, is that the System model needs to be augmented. Currently, the System model only defines authentication. About the model, do you think the "all" bit is still necessary? -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
