This document defines a YANG module for the configuration of TACACS+ clients.

The document is short and straightforward, and I only have one significant comment.

* I am not familiar with common security practices for the devices covered by this protocol. But I am wondering, should the "shared-secret" field be made optional, so that it can be entered "out of band" in applications that prefer not to keep it stored in the YANG configuration store and available to network management tools?

* Not a security comment: the YANG module includes a reference to draft-ietf-opsawg-tacacs-18, but I assume that you'll want to replace it with the RFC number for that draft once it is published. Yet I don't see an RFC Editor note mentioning that.

* It is confusing that "messages-received" is for messages received by the server, and "errors-received" is for errors received *from* the server.