nanog mailing list archives
Re: TACACS+ server recommendations?
From: Mike Lewinski via NANOG <nanog () nanog org>
Date: Fri, 22 Sep 2023 20:56:14 +0000
We are using Okta's RADIUS service for 2fa to network gear currently, but looking to switch to tacacs+ for many reasons. Would prefer to implement tacacs+ with two-factor if possible.
tac_plus-ng from https://www.pro-bono-publico.de/projects/tac_plus-ng.html has LDAP and PAM backends, among others, so I believe you can implement 2FA through them. I haven't implemented this yet but it's on my to-do list (and I'm also warily watching passkey developments and wondering how much effort I should put into something that likely won't be best practice in another year or two). I see Marc Huber is also promoting/supporting tacacs+ extension for SSH public key auth https://github.com/MarcJHuber/event-driven-servers/wiki/TACACS_PLUS---SSH-Public-Key-Authentication
Current thread:
- Re: TACACS+ server recommendations?, (continued)
- Re: TACACS+ server recommendations? Mark Tinka (Sep 20)
- Re: TACACS+ server recommendations? Mike Lewinski via NANOG (Sep 20)
- Re: TACACS+ server recommendations? Jim (Sep 20)
- Re: TACACS+ server recommendations? Warren Kumari (Sep 20)
- Re: TACACS+ server recommendations? Christopher Morrow (Sep 20)
- Re: TACACS+ server recommendations? Simon Leinen (Sep 21)
- Re: TACACS+ server recommendations? Jim (Sep 21)
- Re: TACACS+ server recommendations? Christopher Morrow (Sep 21)
- RE: TACACS+ server recommendations? Kevin Burke via NANOG (Sep 22)
- Re: TACACS+ server recommendations? Tim Burke (Sep 22)
- Re: TACACS+ server recommendations? Mike Lewinski via NANOG (Sep 22)
- Re: TACACS+ server recommendations? J. Hellenthal via NANOG (Sep 23)
- Re: TACACS+ server recommendations? Alberto Vargas (Sep 23)
- Re: TACACS+ server recommendations? Christopher Morrow (Sep 21)
- Re: TACACS+ server recommendations? Bernhard Schmidt (Sep 25)