[tac_plus] Re: Please help?

john heasley heas at shrubbery.net
Mon Jun 11 16:01:11 UTC 2007 

I believe you want one of the following:

user = DEFAULT {
    default service = permit
}
user = whomever {
    default service = permit
}

the first replaces the syntax default authorization = permit.

Sun, Jun 10, 2007 at 08:58:45AM -0700, Chris Phillips:
> Hi there,
> 
> I've just setup your TACACS server for the first time and I am either 
> running into a bug or outdated documentation/man pages.  I am really 
> sorry for emailing you, but there isn't a whole lot in your mailing list 
> or in Google about my issue.
> 
> Here is my config:
> 
> key = xxxxxxxxxxxxx
> accounting file = /home/tacacs/accounting.log
> #default authorization = permit
> 
> user = chris {
>          login = des xxxxxxxxxxxxx
>          enable = des xxxxxxxxxxxxx
>          default authorization = permit
> #       cmd = show {
> #               permit .*
> #       }
> #       cmd = configure {
> #               permit .*
> #       }
> #       cmd = aaa {
> #               permit .*
> #       }
> #       cmd = write {
> #               permit .*
> #       }
> #       cmd = enable {
> #               permit .*
> #       }
> #       cmd = .* {
> #               permit .*
> #       }
> }
> 
> user = bob {
>          login = cleartext 123
> }
> 
> My problem is that this breaks the tac_plus daemon.  I get the following 
> error: "Error: Unrecognised keyword default for user on line 8"
> 
> This line is the "default authorization = permit" which the man page 
> suggests works.  Am I reading this wrong?  When I uncomment the "cmd =" 
> statements, those commands work fine, as does everything else I have 
> tried thus far, with the exception of the default authorization statement.
> 
> My goal here is to permit authorization for all commands for the user 
> chris or even on a global level; both are acceptable.  I can then 
> implicitly specify the commands I want to permit for say, the user bob.
> 
> Thank you in advance for your reply, and many many thank yous for 
> writing this, and other (RANCID), GREAT services.
> 
> -CP
> 
> 
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus

More information about the tac_plus mailing list