[tac_plus] Should optional A/V pair be sent?
Alan McKinnon
alan.mckinnon at gmail.com
Wed Jan 25 10:15:29 UTC 2012
On Wed, 25 Jan 2012 01:23:16 +0000
heasley <heas at shrubbery.net> wrote:
> handling of optional AVs is coded as 'if the nas didnt send it (as
> mandatory or optional), then the daemon does not send it'.
>
> the ancient ietf draft does not make this necessary. its only
> assertion is that both sides must ignore optional AVs if they do not
> support them:
>
> The arguments in both a REQUEST and a RESPONSE can be specified as
> either mandatory or optional. An optional argument is one that may
> or may not be used, modified or even understood by the recipient.
>
> ISTR someone mentioning on this list that some device of theirs threw
> a fit if it received an optional AVP that it didnt understand.
> Perhaps daniel?
I have Nexus and Juniper kit that does that. When we work around that,
the Cisco GSRs fall over and die.
Consensus amongst NetOps here is that Tacacs implementations on
NASes are so variable and so ill defined that the "standard" is
"whatever the vendor decided they feel like doing today".
--
Alan McKinnnon
alan.mckinnon at gmail.com
More information about the tac_plus
mailing list