[tac_plus] Re: tac_plus config

Tom Murch tmurch at toniccomputers.com
Fri Aug 21 16:55:22 UTC 2009


so it works great except the enable password is not working on a per user
basis is there something i need to change to make that work?

On Fri, Aug 21, 2009 at 12:52 PM, Tom Murch <tmurch at toniccomputers.com>wrote:

> yeah thats a miss type on part. Let me go try this out.
>
> On Fri, Aug 21, 2009 at 12:09 PM, john heasley <heas at shrubbery.net> wrote:
>
>> Fri, Aug 21, 2009 at 11:29:14AM -0400, Tom Murch:
>> > ok so here is what i have
>> >
>> > user tom {
>> >          login = cleartext 'tom'
>> >          enable = cleartext 'tom12'
>> > }
>> >
>> > acl = badmatt {
>> >        login = cleartext 'matt'
>> >        enable = cleartext 'matt12'
>> >        deny 192\.168\.0\.1     # disallow enable on this tacacs client
>> >        permit .*
>> > }
>> > user matt { enableacl = badmatt }
>> >
>> > Will this work so that Tom and Matt can both enable on all things except
>> the
>> > 192.168.0.1 that matt is acl from?
>>
>> yes, but login and enable are not valid in acl {}.
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20090821/941f861b/attachment.html 


More information about the tac_plus mailing list