[tac_plus] After Authorization Script
Schmidt, Daniel
dan.schmidt at uplinkdata.com
Mon May 4 16:57:28 UTC 2009
I have finished my python implementation of the "after authorization
script", thanks all for your help. It allows more granular control of
logins.
If anybody would be interested in testing it, I would be happy to send
it out. The configuration is fairly simple; as an example, let's say I
wanted to have user Homer have full access to 192.168.1.1 and
10.1.1.0/24, but only do show commands for everything else in
10.0.0.0/8. For the heck of it, let's say we only want them to connect
from 192.168.1.0/24, but never 192.168.1.4 - he can only do the show
commands. The config would be as follows:
[users]
homer =
    simpson_group
    television_group
[simpson_group]
host_deny =
    192.168.1.4
host_allow =
    192.168.1.*
device_permit =
    192.168.1.1
    10.1.1.*
command_permit =
    .*
[television_group]
host_allow =
    192.168.1.*
device_permit =
    10.*
command_permit =
    show.*
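One way to evaluate a config like the one above, as an added example that is not the author's script. The semantics are assumptions: groups are tried in the order listed for the user, a host_deny match skips only that group, and each line is a Python regex tested with re.match. The function names are hypothetical.

```python
import configparser
import re

# Constructed sample: the config from the post, with continuation lines
# indented so configparser reads each option as a multi-line value.
SAMPLE = """
[users]
homer =
    simpson_group
    television_group
[simpson_group]
host_deny =
    192.168.1.4
host_allow =
    192.168.1.*
device_permit =
    192.168.1.1
    10.1.1.*
command_permit =
    .*
[television_group]
host_allow =
    192.168.1.*
device_permit =
    10.*
command_permit =
    show.*
"""

def load(text):
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    return cfg

def matches(cfg, group, option, value):
    # Assumption: one regex per line, anchored at the start only (re.match).
    lines = cfg.get(group, option, fallback="").splitlines()
    return any(re.match(p.strip(), value) for p in lines if p.strip())

def authorize(cfg, user, host, device, command):
    """Return the first group that permits the request, or None (deny)."""
    for group in cfg.get("users", user, fallback="").split():
        if matches(cfg, group, "host_deny", host):
            continue  # denied in this group; later groups may still apply
        if (matches(cfg, group, "host_allow", host) and
                matches(cfg, group, "device_permit", device) and
                matches(cfg, group, "command_permit", command)):
            return group
    return None
```

Under the regex assumption, `192.168.1.*` also matches a source of 192.168.10.7 and `10.*` also matches a device at 100.1.1.1. Escaping the dots and anchoring the end (for example `192\.168\.1\.\d+$`) keeps a pattern to the intended range.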