Re: [j-nsp] auth servers.

From: Sean Capshaw (capshaw@juniper.net)
Date: Wed Apr 03 2002 - 08:11:17 EST


Jeff,

I'm not sure if this is what you're looking for, but we started
supporting TACACS+ allow and deny commands in 5.1. From the release
notes:

TACACS+ allow and deny commands--Adds support for the TACACS+
authentication procedure authorizing local users of Juniper Networks.

-Sean

On Wed, 3 Apr 2002, jeffrey arnold wrote:

>
> Hello,
>
> I'm looking for insight on what people are using for centralized user
> authentication. I've been running devrim seral's great hacked tac+ server
> (http://www.gazi.edu.tr/tacacs/) for a while now, and while it works
> beautifully on my cisco and foundry gear, it "eats it" on juniper
> gear. As far as I can tell, juniper's docs for tac+ auth are completely
> incorrect, and their support is pretty lackluster (lack of command
> auth/acct and multiple templates being major issues). By conjecture,
> radius seems to be the answer, but without having used it in quite a
> while, I'd like some outside verification of this.
>
> SO, what are your experiences with tac+ and radius on junOS? If you prefer
> one over the other, why? Most importantly, what packages are you using for
> your radius/tac+ servers? If i must migrate to radius, i'd prefer to stay
> with something open-sourceish, but if i need to shell out a few bucks, i
> would be willing to do so in order to gain clean clustering and a
> distributed maintenance model.. any hints? (radiator?)
>
> My main need for this is to have a centralized way to separate out the
> engineers from the help desk, and allow services such as rancid or asset
> management tools to grab data from an unprivileged account.
>
> Any help would be much appreciated.
>
> cheers,
> -jba
> --
> [jba@analogue.net] :: analogue.networks.nyc :: http://analogue.net
>
>
>


