Last Call Review of draft-ietf-opsawg-tacacs-yang-03
review-ietf-opsawg-tacacs-yang-03-yangdoctors-lc-lhotka-2020-05-04-00
Request | Review of | draft-ietf-opsawg-tacacs-yang |
---|---|---|
Requested revision | No specific revision (document currently at 12) | |
Type | Last Call Review | |
Team | YANG Doctors (yangdoctors) | |
Deadline | 2020-05-03 | |
Requested | 2020-04-20 | |
Requested by | Joe Clarke | |
Authors | Bo Wu, Guangying Zheng, Zitao Wang | |
I-D last updated | 2020-05-04 | |
Completed reviews | Secdir Last Call review of -03 by Yaron Sheffer; Yangdoctors Last Call review of -03 by Ladislav Lhotka; Secdir Last Call review of -09 by Yaron Sheffer; Genart Last Call review of -09 by Mohit Sethi | |
Assignment | Reviewer | Ladislav Lhotka |
State | Completed | |
Request | Last Call review on draft-ietf-opsawg-tacacs-yang by YANG Doctors Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/yang-doctors/ofPEUeID6-JYJPyrrrwzEqQvTCc | |
Reviewed revision | 03 (document currently at 12) | |
Result | Ready w/nits | |
Completed | 2020-05-04 |
The YANG module specified in this I-D defines a relatively simple augmentation of the "ietf-system" module that enables configuration of TACACS+ authentication. The ietf-system-tacacsplus module is in good shape; I found no substantial problems.

**** Comments

- In sec. 3, the text says: 'The ietf-system-tacacsplus module is intended to augment the "/sys:system" path defined in the ietf-system module with "tacacsplus" grouping.' It would be more precise to say '... with the contents of the "tacacsplus" grouping.'

- Description of the leaf /ietf-system-tacacsplus:tacacsplus/statistics/sessions is cryptic and unclear.

- Typo in error-message of /ietf-system:system/ietf-system-tacacsplus:tacacsplus: s/sysytem/system/

- Is it correct that the server type may be either one of "authentication", "authorization" or "accounting", or all of them? Is it impossible for a server to be authentication & authorization but not accounting? Such a variant cannot be configured.

- The "case" statements in ietf-system-tacacsplus:tacacsplus/source-type are unnecessary because each contains only one leaf of the same name; I suggest removing them.

- Security Considerations should specifically address the "shared-secret" leaf.

- The purpose of Appendix A is unclear; the information it provides is (or should be) in the previous text, the YANG module, and RFC 7317. Instead, it would be useful to provide an example of TACACS+ configuration, e.g. in JSON representation.