[tac_plus] before/after authorization scripts
Fabrizio Gerardi
fabrizio.gerardi at eng.it
Wed May 28 14:25:02 UTC 2008
Dear sir,
I really appreciate your tacacs+ daemon.
I currently use it to get a centralized method to cope with AAA
Now I'm facing a really tricky issue I could not solve as far.
Basically I need to set a different privilege level depending on which
device the user is trying to connect. This because we use devices from
different brands which of course have different numbers standing for
"privilege level".
As far as I know current version of your daemon cannot do that by itself.
Anyway I read on the user guide about the possibility to call a
before/after authorization script. So I prepared a script: after some
checks on device name it exits with exit code 2 and write a line on
standard output that is supposed to change the privilege level. (i.e.
echo "priv-lvl=15" in case of a Cisco device).
Well, this script just doesn't work. I tried several combinations
without success.
There is no documentation about the syntax to be used nor I could find
any examples.
Could you please give me a piece of advise?
Kind regards,
Fabrizio Gerardi
More information about the tac_plus
mailing list