Dear Opsawg, Now the T+ draft is released from the editor stage I have asked for Alan’s comment to be incorporated, and submitted one other addenda for clarification on command accounting, into the accounting attributes section:
“Where the TACACS+ deployment is used to support the Device Administration use case, it is often required to log all commands entered into client devices. To support this mode of operation, TACACS+ client devices MUST be configured to send an accounting start packet for every command entered, irrespective of how the commands were authorized. These “Command Accounting” packets MUST include the “service” and “cmd” arguments, and if needed, the “cmd-arg” arguments detailed in section 8.1 (authorization attributes) section.” The intent here is to clarify the content of the command accounting packets, which are an optional requirement but should be the way that command accounting is done if it is needed. Please LMK if there are any issues/concerns and I will update the addenda. Many thanks. _______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
