[tac_plus] IOS XR
john heasley
heas at shrubbery.net
Fri Oct 15 15:30:12 UTC 2010
Fri, Oct 15, 2010 at 12:53:20PM +0200, Kiss Gabor (Bitman):
> > Meanwhile I found that the following config file snippet works well:
> >
> > service = exec {
> > task = "#operator,rwxd:bgp,rd:ospf"
> > }
> >
> > The only problem I found that tac_plus - unlike IOS XR - does not
> > concatenate privileges defined in various nested groups.
> > It sends back the first hit only.
> > So the authorization model differs depending on where authorization
> > actually happens.
> >
> > So I plan to modify the source in order to parse "task" keyword
> > and at least concatenate all values found during inheritance.
>
> I gave up. :-(
> This would require fundamental changes in config.c.
i havent thought about this feature, which is probably most sensibly
done as an external authorization script, but i have begun rewritting
the config parser to make it more flexible to changes....and thread-safe.
> Gabor
> --
> No smoke, no drugs, no vindoze.
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
More information about the tac_plus
mailing list