[tac_plus] Examples of RBAC in do_auth.py?
Brian Raaen
mailing-lists at zcorum.com
Thu Nov 17 19:56:49 UTC 2011
This is an example I have
[users]
dhcpadm =
architect
admin =
architect
architect =
architect
nocUser =
limitedAccessSite
troubleshooter
rancid =
rancid_access
[architect]
host_allow =
.*
device_permit =
.*
command_permit =
.*
[troubleshooter]
# Normal login for troublshooters
host_allow =
.*
# Blacklist of hosts with special rules
device_deny =
#ListOfSpecialDevices
device_permit =
.*
command_permit =
.*
[limitedAccessSite]
host_allow =
.*
device_permit =
#ListOfSpecialDevices
command_permit =
show .*
clear cable modem .*
clear counters
[rancid_access]
host_allow =
#RancidAddress
device_permit =
.*
command_permit =
show.*
dir.*
more.*
write t.*
---
Brian Raaen
Zcorum
Network Arcitect
On Thu, Nov 17, 2011 at 08:44:57AM -0600, Brandon Ewing wrote:
> Does anyone have any examples of do_auth.py config files that could be
> adapted for Role-based Access control?
>
> I want to break it up so I have groups of commands (l2-only, l3-only,
> routing protocols, etc), and groups of network devices (core, CPE, PE, etc),
> and assign groups of commands on groups of network devices to specific
> users.
>
> I don't know if do_auth.py is setup to provide something like this, but if
> anyone has any examples or pointers on how to approach the above, it would
> be appreciated.
>
> --
> Brandon Ewing (nicotine at warningg.com)
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: not available
> Type: application/pgp-signature
> Size: 189 bytes
> Desc: not available
> URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20111117/8de20bbd/attachment.bin>
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
More information about the tac_plus
mailing list