[tac_plus] Re: How can I deny/permit ?

Alexander Czutka aczutka at brocade.com
Fri Jan 30 20:27:24 UTC 2009


Hello Nathan,

 

it doesn´t work.

 

user = user2 {

#             member = group2

#             debug = REGEX

             login = cleartext "user2"

             enable = cleartext "user2"

 

            cmd = show {

                       permit ip

                       deny "ip ospf"

            }

 

# END

 

Regards,

 

Alexander

 

________________________________

Von: nschrenk at gmail.com [mailto:nschrenk at gmail.com] Im Auftrag von Nathan Schrenk
Gesendet: Freitag, 30. Januar 2009 21:14
An: Alexander Czutka
Cc: tac_plus at shrubbery.net
Betreff: Re: [tac_plus] How can I deny/permit ?

 

On 1/30/09, Alexander Czutka <aczutka at brocade.com> wrote:

	Hello,
	
	I´m trying to setup an authorization for a user.
	
	The user should be allowed to do a:
	
	- Show ip
	- show ip route
	
	But he shouldn´t execute the commands, which starts with:
	
	- Show ip ospf
	- Show ip pim
	
	I tried this, but it didn´t work:
	
	cmd = show {
	            permit ip
	            deny ip ospf
	            }
	
	root at ubuntu-fdry:/# tac_plus -C /etc/tac_plus.conf
	Error: expecting '}' but found 'ospf' on line 40
	root at ubuntu-fdry:/#
	
	Is this possible ?


Try putting quotes around the tokens:

cmd = show {
            permit ip
            deny "ip ospf"  
            }

Nathan

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20090130/57a99efa/attachment.html 


More information about the tac_plus mailing list