[tac_plus] Re: tac_plus config
john heasley
heas at shrubbery.net
Fri Aug 21 16:09:33 UTC 2009
Fri, Aug 21, 2009 at 11:29:14AM -0400, Tom Murch:
> ok so here is what i have
>
> user tom {
> login = cleartext 'tom'
> enable = cleartext 'tom12'
> }
>
> acl = badmatt {
> login = cleartext 'matt'
> enable = cleartext 'matt12'
> deny 192\.168\.0\.1 # disallow enable on this tacacs client
> permit .*
> }
> user matt { enableacl = badmatt }
>
> Will this work so that Tom and Matt can both enable on all things except the
> 192.168.0.1 that matt is acl from?
yes, but login and enable are not valid in acl {}.
More information about the tac_plus
mailing list