[tac_plus] Re: After Authorizaion Script
John Payne
john at sackheads.org
Tue May 5 14:20:49 UTC 2009
On May 4, 2009, at 1:24 PM, Schmidt, Daniel wrote:
> Hum... don't even have a web page to post it on. 326 lines - a bit long
> for an email. Perhaps I should find a place to post it in case I wish
> to add/fix the code. Suggestions?
tacacs.org would be happy to host it....
>
>
> -----Original Message-----
> From: john heasley [mailto:heas at shrubbery.net]
> Sent: Monday, May 04, 2009 11:14 AM
> To: Schmidt, Daniel
> Subject: Re: [tac_plus] After Authorizaion Script
>
> Mon, May 04, 2009 at 10:57:28AM -0600, Schmidt, Daniel:
>> I have finished my python implementation of the "after authorization
>> script", thanks all for your help. It allows more granular control of
>> logins.
>>
>> If anybody would be interested in testing it, I would be happy to send
>> it out. The configuration is fairly simple; as an example, let's say I
>
> please do, if nothing else I'll include it as an example.
>
>> wanted to have user Homer have full access to 192.168.1.1 and
>> 10.1.1.0/24, but only do show commands for everything else in
>> 10.0.0.0/8. For the heck of it, let's say we only want them to connect
>> from 192.168.1.0/24, but never 192.168.1.4 - he can only do the show
>> commands. The config would be as follows:
>>
>> [users]
>> homer =
>>     simpson_group
>>     television_group
>> [simpson_group]
>> host_deny =
>>     192.168.1.4
>> host_allow =
>>     192.168.1.*
>> device_permit =
>>     192.168.1.1
>>     10.1.1.*
>> command_permit =
>>     .*
>> [television_group]
>> host_allow =
>>     192.168.1.*
>> device_permit =
>>     10.*
>> command_permit =
>>     show.*
>> _______________________________________________
>> tac_plus mailing list
>> tac_plus at shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
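Added example (not Daniel Schmidt's script, which is not included in this message): a minimal evaluator for the configuration quoted above. It assumes groups are tried in the order listed, that the first group whose host, device and command checks all pass grants the request, and that every entry is a regular expression matched from the start of the value; the function names are hypothetical.

```python
import configparser
import re

# Constructed from the configuration quoted in the message above.
CONFIG = """
[users]
homer =
    simpson_group
    television_group
[simpson_group]
host_deny =
    192.168.1.4
host_allow =
    192.168.1.*
device_permit =
    192.168.1.1
    10.1.1.*
command_permit =
    .*
[television_group]
host_allow =
    192.168.1.*
device_permit =
    10.*
command_permit =
    show.*
"""

def load(text=CONFIG):
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    return cfg

def _hit(cfg, group, key, value):
    # Assumption: each entry is a regex matched from the start of the value.
    entries = cfg.get(group, key, fallback="").split()
    return any(re.match(p, value) for p in entries)

def authorize(cfg, user, host, device, command):
    """Return the first group that permits the request, or None (deny)."""
    for group in cfg.get("users", user, fallback="").split():
        if _hit(cfg, group, "host_deny", host):
            continue  # denied source host: fall through to the next group
        if (_hit(cfg, group, "host_allow", host)
                and _hit(cfg, group, "device_permit", device)
                and _hit(cfg, group, "command_permit", command)):
            return group
    return None
```

Under the regex assumption, `192.168.1.*` also matches a source such as 192.168.100.7, so a strict /24 needs escaped dots and an end anchor.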