[tac_plus] More complex do_auth.py
Brandon Ewing
nicotine at warningg.com
Sat May 7 15:47:36 UTC 2011
On Wed, May 04, 2011 at 09:46:38AM -0600, Daniel Schmidt wrote:
> Yeah, and that darn, lazy author of do_auth didn't provide much
> documentation! Seriously, there is only this:
Thanks -- I found my issue -- I was putting in implicit command_deny's in
the groups instead of relying on fall-through.
Quick question, since I'm not as familiar with Python regexp as I'd like to
be -- if I'd like to permit the "no" version of a command at the same time
as the command itself, could I just do:
command_permit =
(no )? interface.*
Would definitely shorten my do_auth config file. Trying to do config-mode
authorization as well as command authorization, so I can have groups that
can re-configure interfaces and IPs, but not muck about in router ospf and
router bgp.
--
Brandon Ewing (nicotine at warningg.com)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20110507/7401d22b/attachment.bin>
More information about the tac_plus
mailing list