[j-nsp] auth servers.

From: jeffrey arnold (jba@analogue.net)
Date: Wed Apr 03 2002 - 05:35:24 EST


Hello,

I'm looking for insight on what people are using for centralized user
authentication. I've been running devrim seral's great hacked tac+ server
(http://www.gazi.edu.tr/tacacs/) for a while now, and while it works
beautifully on my cisco and foundry gear, it "eats it" on juniper
gear. As far as I can tell, juniper's docs for tac+ auth are completely
incorrect, and their support is pretty lackluster (lack of command
auth/acct and multiple templates being major issues). By conjecture,
radius seems to be the answer, but without having used it in quite a
while, I'd like some outside verification of this.

SO, what are your experiences with tac+ and radius on junOS? If you prefer
one over the other, why? Most importantly, what packages are you using for
your radius/tac+ servers? If I must migrate to radius, I'd prefer to stay
with something open-sourceish, but if I need to shell out a few bucks, I
would be willing to do so in order to gain clean clustering and a
distributed maintenance model.. any hints? (radiator?)

My main need for this is to have a centralized way to separate out the
engineers from the help desk, and allow services such as rancid or asset
management tools to grab data from an unprivileged account.

Any help would be much appreciated.

cheers,
-jba

--
 [jba@analogue.net] :: analogue.networks.nyc :: http://analogue.net


