TACACS as an additional authentication backend.
TACACS as an additional authentication backend.
Proposer
K Sai Kiran (saikiran.k@tataelxsi.co.in)
Type
Feature
Target MDG/TF
NBI
Description
Currently, NBI supports authentication via two plugins
- Internal
- Keystone This feature aims to create a new plugin for TACACS+, which can be used for authentication (username/password).
For Project and Role management(CRUD), we can inherit the properties of internal authentication plugin.
For NBI to communicate with TACACS server, it needs the following parameters
- TACACS server IP.
- TACACS port number.
- TACACS secret key, to identify as TACACS client. These parameters will be written in nbi.cfg when TACACS is to be used.
Demo or definition of done
User can choose TACACS based authentication and enable this when NBI bootstraps. All the authentication will be done by TACACS and NBI will act as a client for authentication.