[tac_plus] Re: authorization
john heasley
heas at shrubbery.net
Sun Sep 16 22:56:43 UTC 2007
see user DEFAULT in tac_plus.conf(5), iirc.
Sat, Sep 15, 2007 at 01:06:22PM +0200, i.anfrage:
> hi @all,
>
> i'm trying to do some authorization stuff, but it doesn't work in the way i thought it should.
>
> if i've got the following entry:
>
> on tacacs+:
>
> user = test {
> login = cleartext test
> cmd = show { permit ver }
> cmd = traceroute { permit .* }
> cmd = logout { permit .* }
> }
>
> on router:
>
> aaa authentication login tac_list group tacacs+ local
> aaa authorization exec auth1 group tacacs+
>
> line vty 0 4
> access-class 2 in
> authorization exec auth1
> login authentication tac_list
> transport input ssh
>
> vty 5 =>
> are disabled
>
> the user shouldn't be able to do a "show ip interface brief", right?
> tia
>
> cheers
> tom