[tac_plus] Re: Authorization script and before authorization

john heasley heas at shrubbery.net
Wed May 12 18:18:28 UTC 2010


Wed, May 12, 2010 at 07:37:31PM +0200, Tourneur Henry-Nicolas:
> On Wednesday 12 May 2010 06:57:35 john heasley wrote:
> > Wed, May 12, 2010 at 06:34:24AM +0200, Kiss Gabor (Bitman):
> > > > > > Basically, I need 2 args, the ip of the device where we are trying
> > > > > > to execute the command ($ip I guess) and the command itself. But I
> > > > > > don't
> > > >
> > > > 2? I go in enable and then configure mode.
> > > > 3? I enter the command no interface GigabitEthernet0/1.114 (for
> > > > example) 4? When I enter the previous command, I would like to run an
> > > > authorization script on the no interface command. The script will be on
> > > > the same host than
> > >
> > > Oh I see. :-) "The command to be authorized".
> > > I guessed you mean a command to execute on TACACS+ server.
> > >
> > > > Where $ip should be (I guess) the IP address of the Cisco router.
> > > > With that sample, I'm still missing the whole command as an argument of
> > > > my script (/usr/local/bin/script don't know what to check).
> > > >
> > > > Do you know how to pass the command as an argument to the script ?
> > >
> > > Actually I don't know such a possibility.
> > > However I think you are able to modify the source code quite easily
> > > in order to get a new dollar variable.
> > 
> > i think theyre passed on stdin as AVPs arg1...argN.
> > 
> > > Regards
> > >
> > > Gabor
> > 
> 
> Is there any available doc/example on how to use those AVPs arg1...argN ?
> 
only was is in the tac_plus.conf manapge.  i dont use it; so i'd first
test to see all of the AVPs passed from the device to scripts or even
the daemon (-d debug knobs) for authorization.


More information about the tac_plus mailing list