[j-nsp] TACACS+ support status in JUNOS

Domiciano Alonso Fernández daf at ttd.net
Fri Oct 15 11:06:11 EDT 2004


Hi,
We've accounting and authorization working. We're on JunOS 6.4r2.4 
Couldn't say which exact version it was introduced
Authorization is based on profile, it gets the profile it has to apply 
to the user when it logs in, rather than asking the TACAC+ server each 
command.
Regards.

Justin M. Streiner wrote:

> All:
>
> In reading through older messages on this list, as well as some 
> relevant docs on Juniper's site, it still appears that Juniper's 
> support of TACACS+ is not as thorough as Cisco's, or at least it 
> doesn't apear to be possible to get Juniper and Cisco boxes to behave 
> the same way in a TACACS environment.
>
> Specifically:
>
> 1) It still looks like local user accounts need to be defined on the
>     router, as opposed to checking usernames against the TACACS server.
> 2) Is there any support for authorization and accounting via TACACS, such
>     as command logging, etc?
>
> I've looked at the TACACS documentation on Juniper's support site for 
> both the version of JUNOS I'm running right now (6.1) and more recent 
> versions like 6.4 and I don't see many enhancements in the TACACS 
> implementation.
>
> Am I correct in my assessment of this?  If you're running your 
> Junipers in a TACACS environment, how are you handling this?
>
> jms
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>


-- 

Domiciano Alonso Fernández
Conmutación IP
Ingeniería de Red

	


	



More information about the juniper-nsp mailing list