<div dir="ltr">The service = exec stanza tells Tac_Plus to do (everything you have in that stanza) whenever the device requests authorization for "exec".</div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div>--</div>John Fraizer<div>LinkedIn profile: <a href="http://www.linkedin.com/in/johnfraizer/" target="_blank">http://www.linkedin.com/in/johnfraizer/</a></div><div><br><div><span style="color:rgb(53,53,53);font-family:Arial,sans-serif;font-size:12px;line-height:12px;background-color:rgb(244,244,244)"><br></span></div></div></div></div></div>
<br><div class="gmail_quote">On Thu, Apr 16, 2015 at 3:38 AM, Martin T <span dir="ltr"><<a href="mailto:m4rtntns@gmail.com" target="_blank">m4rtntns@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Krux,<br>
<br>
I think it is bit more than just the privilege level. Looks like it is<br>
the whole "service = exec" configuration snippet which specifies for<br>
example "autocmd" or "idletime" besides "priv-lvl".<br>
<br>
<br>
regards,<br>
Martin<br>
<div class="HOEnZb"><div class="h5"><br>
On 4/14/15, Krux <<a href="mailto:krux@thcnet.net">krux@thcnet.net</a>> wrote:<br>
> Authorization exec is used to tell the Cisco device to use the privilege<br>
> level specified by the TACACS+ server when logging in. For example privilege<br>
> level 15. This means you don't have to issue the enable command. It is also<br>
> required if you want to use features like the scp server to push firmware to<br>
> your device, since the scp server requires that your exec level be 15 on<br>
> login.<br>
> perl -e 's==UBER?=+y[:-o]}(;->\n{q-yp-y+k}?print:??;-p#)'<br>
><br>
> On April 13, 2015 1:54:37 AM PDT, Martin T <<a href="mailto:m4rtntns@gmail.com">m4rtntns@gmail.com</a>> wrote:<br>
>>Hi,<br>
>><br>
>>in Cisco IOS TACACS+ client there is a command "aaa authorization exec<br>
>>default group tacacs+". Am I correct that all this command does is to<br>
>>force TACACS+ client to take account the "service = exec"<br>
>>configuration snippet in tac_plus daemon configuration file? For<br>
>>example:<br>
>><br>
>>service = exec {<br>
>> priv-lvl = 15<br>
>> autocmd = "show version"<br>
>>}<br>
>><br>
>><br>
>>thanks,<br>
>>Martin<br>
>>_______________________________________________<br>
>>tac_plus mailing list<br>
>><a href="mailto:tac_plus@shrubbery.net">tac_plus@shrubbery.net</a><br>
>><a href="http://www.shrubbery.net/mailman/listinfo/tac_plus" target="_blank">http://www.shrubbery.net/mailman/listinfo/tac_plus</a><br>
><br>
><br>
><br>
_______________________________________________<br>
tac_plus mailing list<br>
<a href="mailto:tac_plus@shrubbery.net">tac_plus@shrubbery.net</a><br>
<a href="http://www.shrubbery.net/mailman/listinfo/tac_plus" target="_blank">http://www.shrubbery.net/mailman/listinfo/tac_plus</a><br>
</div></div></blockquote></div><br></div>