Centralized AAA support for system-level administration is vital for broader acceptance, which ought to result in greater participation, contributorship, and resources. The absence of Triple-A is a showstopper, introducing tremendous administrative overhead, while falling short on concepts such as "least privilege," accountability, and auditability.
In a brief discussion on freenode yesterday, while looking for information about whether RADIUS was supported, there were questions about architectural choices that had yet to be made - such as how to handle home directories for TACACS or RADIUS authenticated system administrators. My response was:
- If the goal is "router appliance," then no - there's no need for home directories.
If there are other architectural discussion points that need resolution before work can be started on TACACS+ and/or RADIUS support, I'm happy to participate in that discussion. When and where? I can't contribute code, but I'm happy to contribute time, and my 26+ years of networking experience.
This task is the result of a post/tweet I wrote yesterday, and a follow-up to a comment left by Yuriy.