Authentication, authorization, and accounting (AAA) services secure networks against unauthorized access. Besides local authentication, Enterprise SONiC Distribution by Dell Technologies supports remote authentication dial-in user service (RADIUS) and terminal access controller access control system (TACACS+) client/server authentication systems. For RADIUS and TACACS+, a SONiC switch acts as a client and sends authentication requests to a server that contains all user authentication and network service access information.
For user authentication, the SONiC REST API uses:
Certificate-based REST API authentication requires the client to send a client certificate. The certificate is signed by a certificate authority (CA) and has its common name (CN) field set to the name of the user.
There are three types of authentication that you can use in gNMI requests:
The username and password are sent in the metadata in the request.
JWT authentication requires you to first authenticate using a gNOI RPC call by providing a username and password.
Certificate authentication requires a valid certificate that is signed by the certificate authority (CA) specified in the switch and that contains the username in the common name (CN) field.
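The following pre-flight check covers the two certificate requirements stated above for both the REST API and gNMI: the client certificate must chain to the expected CA, and its CN is the username presented. It is an added example using the OpenSSL CLI, not Dell or SONiC code; the function names, the throwaway CA, and the user `admin` are constructed for illustration.

```shell
#!/bin/sh
# cert_user CA_FILE CERT_FILE
# Prints the CN of CERT_FILE only if the certificate verifies against
# CA_FILE; returns non-zero otherwise. (Hypothetical helper name.)
cert_user() {
    # -no-CApath: skip the system CA directory, trust only CA_FILE.
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    cn=$(openssl x509 -in "$2" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p' | head -n 1)
    [ -n "$cn" ] || return 2      # no CN means no username to map
    printf '%s\n' "$cn"
}

# make_demo_pki DIR
# Constructed sample data: a throwaway CA, a certificate it signs for the
# user "admin", and a self-signed certificate claiming the same CN.
make_demo_pki() {
    d=$1
    cat >"$d/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3
[dn]
[v3]
basicConstraints = critical,CA:TRUE
EOF
    for n in ca admin rogue; do
        openssl ecparam -name prime256v1 -genkey -noout -out "$d/$n.key"
    done
    openssl req -x509 -new -config "$d/req.cnf" -key "$d/ca.key" \
        -subj "/CN=Demo CA" -days 1 -out "$d/ca.crt"
    openssl req -new -config "$d/req.cnf" -key "$d/admin.key" \
        -subj "/CN=admin" -out "$d/admin.csr"
    openssl x509 -req -in "$d/admin.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/admin.crt" 2>/dev/null
    openssl req -x509 -new -config "$d/req.cnf" -key "$d/rogue.key" \
        -subj "/CN=admin" -days 1 -out "$d/rogue.crt"
}

# Demo on the constructed data.
demo=$(mktemp -d) && make_demo_pki "$demo"
echo "CA-signed certificate maps to user: $(cert_user "$demo/ca.crt" "$demo/admin.crt")"
cert_user "$demo/ca.crt" "$demo/rogue.crt" >/dev/null ||
    echo "self-signed certificate with CN=admin: rejected"
rm -rf "$demo"
```

Both certificates carry CN=admin, so the CN alone proves nothing; the signature check against the configured CA is what binds the name to a trusted issuer.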