[tac_plus] Per Device Command Authorization

Ben Wiechman wiechman.lists at gmail.com
Wed Nov 17 22:57:13 UTC 2010


Is it possible to configure a list of commands a user is authorized to
execute that differs by device?

In our case we'd like to allow certain users read-only type access on most
devices, but give more access on certain devices to do things like configure
static NAT, etc. Firewall administrators need more permissions on the
firewalls, but not on backbone routers, as another example.

I don't see any way to do this with the stock configuration, but I may be
missing something. 

It looks like it might be possible with the multiple groups patch here
(http://bakacsin.ki.iif.hu/~kissg/pd/tac_plus/), but I'm not entirely clear
on that either. 

Ben


