[tac_plus] Re: After Authorization Script
Schmidt, Daniel
dan.schmidt at uplinkdata.com
Mon May 4 17:24:40 UTC 2009
Hum... don't even have a web page to post it on. 326 lines - a bit long
for an email. Perhaps I should find a place to post it in case I wish
to add/fix the code. Suggestions?
-----Original Message-----
From: john heasley [mailto:heas at shrubbery.net]
Sent: Monday, May 04, 2009 11:14 AM
To: Schmidt, Daniel
Subject: Re: [tac_plus] After Authorization Script
Mon, May 04, 2009 at 10:57:28AM -0600, Schmidt, Daniel:
> I have finished my python implementation of the "after authorization
> script", thanks all for your help. It allows more granular control of
> logins.
>
> If anybody would be interested in testing it, I would be happy to send
> it out. The configuration is fairly simple; as an example, let's say I
please do, if nothing else I'll include it as an example.
> wanted to have user Homer have full access to 192.168.1.1 and
> 10.1.1.0/24, but only do show commands for everything else in
> 10.0.0.0/8. For the heck of it, let's say we only want them to connect
> from 192.168.1.0/24, but never 192.168.1.4 - he can only do the show
> commands. The config would be as follows:
>
> [users]
> homer =
>     simpson_group
>     television_group
> [simpson_group]
> host_deny =
>     192.168.1.4
> host_allow =
>     192.168.1.*
> device_permit =
>     192.168.1.1
>     10.1.1.*
> command_permit =
>     .*
> [television_group]
> host_allow =
>     192.168.1.*
> device_permit =
>     10.*
> command_permit =
>     show.*
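The policy described in the quoted message, evaluated by a small Python function. This is an added example, not Daniel Schmidt's script, which does not appear on this page. Assumptions: continuation lines are indented, each entry is a regular expression matched with `re.match`, and groups are tried in listed order with default deny; the names `patterns`, `matches` and `authorize` are hypothetical.

```python
import configparser
import re

# The configuration from the message, continuation lines indented for configparser.
CONFIG = """
[users]
homer =
    simpson_group
    television_group
[simpson_group]
host_deny =
    192.168.1.4
host_allow =
    192.168.1.*
device_permit =
    192.168.1.1
    10.1.1.*
command_permit =
    .*
[television_group]
host_allow =
    192.168.1.*
device_permit =
    10.*
command_permit =
    show.*
"""
CP = configparser.ConfigParser(interpolation=None)
CP.read_string(CONFIG)

def patterns(section, key):
    raw = CP.get(section, key, fallback="")  # missing entry: no patterns
    return [line.strip() for line in raw.splitlines() if line.strip()]

def matches(pats, value):
    # Assumption: each entry is a regex anchored at the start of the value.
    return any(re.match(p, value) for p in pats)

def authorize(user, host, device, command):
    # Assumption: groups are tried in listed order; a host_deny hit skips the
    # group, and the first group accepting host, device and command grants.
    for group in patterns("users", user):
        if matches(patterns(group, "host_deny"), host):
            continue
        if (matches(patterns(group, "host_allow"), host)
                and matches(patterns(group, "device_permit"), device)
                and matches(patterns(group, "command_permit"), command)):
            return True
    return False  # default deny
```

Under the regex assumption, `10.*` also accepts a device such as 100.1.1.1; an escaped pattern like `10\..*` restricts the match to addresses beginning with `10.`.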