[tac_plus] shrubbery tacacs+-F4.0.4.15

john heasley heas at shrubbery.net
Wed Dec 1 22:03:00 UTC 2010 

Wed, Dec 01, 2010 at 11:59:33PM +0200, Alan McKinnon:
> Apparently, though unproven, at 22:22 on Wednesday 01 December 2010, 
> Muhunthan, Jay did opine thusly:
> 
> > Folks,
> > 
> > 
> > 
> > Is it possible to have a user part of multiple groups? 
> 
> No.
> 
> > For example,
> 
> This has been covered quite extensively in many threads just this past year, 
> please check the mailing list archives as the current status has been 
> documented here quite clearly several times.
> 
> You can easily find with the help of Google a patch set written by Gabor that 
> apparently works as long as one stays within reasonable bounds (such as 

try Gabor's patch.  i'm working to rewrite the config parser (made progress
over the US holiday); once that is done, i'll merge some form of Gabor's
hack.

> avoiding conflicting command configs). That patchset is not wrong, the subject
> itself is vastly more complex than at first appears.
> 
> The easiest solution is usually to run two instances of tac_plus.
> 
> > 
> > 
> > 
> > user = tom {
> > 
> >        acl = ACL
> > 
> >        login = file /etc/tacacs/tacacs_passwd
> > 
> >        member = LEVEL-1
> > 
> > }
> > 
> > The above shows the user is member of LEVEL-1 can we do some thing like
> > this
> > 
> > 
> > 
> > user = tom {
> > 
> >        acl = ACL
> > 
> >        login = file /etc/tacacs/tacacs_passwd
> > 
> >        member = LEVEL-1| LEVEL-2
> > 
> > }
> > 
> > 
> > 
> > 
> > 
> > Any help will be greatly appreciated.
> > 
> > 
> > 
> > 
> > 
> > Thanks
> > 
> > 
> > 
> > Jay....
> > 
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL:
> > <http://www.shrubbery.net/pipermail/tac_plus/attachments/20101201/ffa9b977
> > /attachment.html> _______________________________________________
> > tac_plus mailing list
> > tac_plus at shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
> 
> -- 
> alan dot mckinnon at gmail dot com
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus

More information about the tac_plus mailing list