[tac_plus] Re: After authorization scripting
Kiss Gabor (Bitman)
kissg at ssg.ki.iif.hu
Wed Aug 22 06:40:22 UTC 2007
> it and show the conf file command. I have played around with the format
> but haven't had any success to date, it is mainly trial and error. Any
> help would be greatly appreciated.
> Example of script:
> #!/bin/sh
>
> if [ "$1" = 'test' ]
> then
>     if [ "$2" = 'X.X.X.X' ] #ip of switch
>     then
>         echo default service=permit
>         echo login=cleartext XXX
>         echo service=exec
>         echo {
>         echo priv-lvl=15
>         echo
>         echo cmd=arp
>         echo {
>         echo permit timeout
>         echo }
>         echo cmd=no
>         echo {
>         echo permit arp
>         echo }
>         echo cmd=show
>         echo {
>         echo permit run
>         echo permit start
>         echo }
>         echo cmd=configure
>         echo {
>         echo permit terminal
>         echo permit interface
>         echo deny .*
>         echo }
>         exit 2
>     fi
> fi
> exit 1
Users_guide writes:
The program is expected to process the AV pairs and write them to its
standard output, one per line. What happens then is determined by the
exit status of the program:
...
If the program returns a status of 2, authorization is permitted and
any AV pairs returned from the program on its standard output are sent
to the NAS in place of any AV pairs that the daemon may have
constructed.
Gabor
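
An added example, not part of the original thread or of the tac_plus distribution: a script that writes AV pairs, one per line, rather than configuration-file syntax, and returns status 2 so they replace the daemon's own. It assumes the script is called with the user as $1 and the NAS address as $2, as in the quoted script, and that the daemon's proposed AV pairs arrive on standard input; ALLOWED_USER, ALLOWED_NAS and post_authorize are hypothetical names with constructed values.

```shell
#!/bin/sh
# Added example: after-authorization script that emits AV pairs only.
# Assumptions: $1 = user, $2 = NAS address (as in the quoted script);
# the daemon's proposed AV pairs are read from stdin, one per line.

ALLOWED_USER='test'          # constructed placeholder
ALLOWED_NAS='192.0.2.10'     # constructed placeholder (documentation range)

post_authorize() {
    user=$1
    nas=$2

    # Anything other than the expected user on the expected NAS:
    # write nothing and return 1, like the quoted script's fall-through.
    if [ "$user" != "$ALLOWED_USER" ] || [ "$nas" != "$ALLOWED_NAS" ]; then
        return 1
    fi

    # Pass the incoming pairs through, one per line. Only lines shaped like
    # attribute=value (mandatory) or attribute*value (optional) are kept, so
    # config-file tokens such as "{" or "permit run" never reach the NAS.
    # Any existing priv-lvl is dropped because it is replaced below.
    while IFS= read -r pair || [ -n "$pair" ]; do
        case $pair in
            ''|priv-lvl=*) ;;
            # Quoted printf: a "*" in the pair is never glob-expanded.
            *=*|*\**) printf '%s\n' "$pair" ;;
            *) ;;
        esac
    done

    printf '%s\n' 'priv-lvl=15'

    # Status 2: authorization permitted, and the pairs written above are
    # sent to the NAS in place of the ones the daemon constructed.
    return 2
}

# Run as a script only when arguments are supplied.
if [ "$#" -gt 0 ]; then
    post_authorize "$@"
    exit $?
fi
```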