Skip to main content

A YANG Data Model for Terminal Access Controller Access-Control System Plus (TACACS+)

Approval announcement
Draft of message to be sent after approval:


From: The IESG <>
To: IETF-Announce <>
Cc: Joe Clarke <>, The IESG <>,,,,,,
Subject: Protocol Action: 'A YANG Module for TACACS+' to Proposed Standard (draft-ietf-opsawg-tacacs-yang-12.txt)

The IESG has approved the following document:
- 'A YANG Module for TACACS+'
  (draft-ietf-opsawg-tacacs-yang-12.txt) as Proposed Standard

This document is the product of the Operations and Management Area Working

The IESG contact persons are Warren Kumari and Robert Wilton.

A URL of this Internet Draft is:

Ballot Text

Technical Summary

   This document defines a Terminal Access Controller Access-Control
   System Plus (TACACS+) client YANG module, that augments the System
   Management data model, defined in RFC 7317, to allow devices to make
   use of TACACS+ servers for centralized Authentication, Authorization
   and Accounting (AAA).

Working Group Summary

The contention over TACACS+ in general carried over a bit in the initial development of this document and its module.  To alleviate that, the scope was reduced to avoid an overall AAA module and instead focus on configuring the client-side of the TACACS+ protocol specifically.  Towards the end, there was good feedback on YANG structure, terminology and providing an example to make the module use clearer.

That said, the ietf-system currently only defines authentication and not authorization and accounting.  So, while the TACACS+ module allows to specify a TACACS+ server that can do both authorization and accounting, the configuration nodes for that are not yet in the ietf-system module.  The intent, as understood by the doc shepherd, is to propose new work to handle those methods in a more general approach outside the restricted scope of this TACACS+ document.

Document Quality

TACACS+ is certainly implemented and deployed. 

Huawei has implemented this draft in their devices.  It is likely that this YANG module will be implemented by other vendors as part of the wider IETF YANG ecosystem.

The document has undergone various expert-level reviews besides the WG review.  In particular YANG Doctors and SECDIR have reviewed and said it was ready.  The comments that arose from those reviews have been addressed in revision -05 of the document.  


Joe Clarke is the Document Shepherd.
Rob Wilton is the responsible Area Director.

RFC Editor Note