[tac_plus] authorization
i.anfrage
i.anfrage at gmx.de
Sat Sep 15 11:06:22 UTC 2007
hi @all,
i´m trying to do some authorization stuff, but it doesn´t work in the way i thought it should.
if i´ve got the following entry:
on tacacs+:
user = test {
login = cleartext test
cmd = show { permit ver }
cmd = traceroute { permit .* }
cmd = logout { permit .* }
}
on router:
aaa authentication login tac_list group tacacs+ local
aaa authorization exec auth1 group tacacs+
line vty 0 4
access-class 2 in
authorization exec auth1
login authentication tac_list
transport input ssh
vty 5 =>
are disabled
the user shouldn´t be able to do a "show ip interface brief", right?
tia
cheers
tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20070915/6d97786e/attachment.html
More information about the tac_plus
mailing list