[tac_plus] New service
Anne Wei
Anne_Wei at symantec.com
Fri Oct 14 19:00:28 UTC 2011
Greeting,
I need help for a new request in our environment.
We want to use tac_plus as authentication for a GUI client application -
silverpeak. We currently have group SSONET defined in tac_plus.cfg as
following:
group = SSONET {
default service = permit
service = shell { priv_lvl=15 }
service = exec {
priv-lvl=15
optional shell:Admin = "Admin default-domain"
}
service = junos-exec { local-user-name = remote-ro }
after authorization "/bin/sh /app/tacacs/etc/do_auth.sh $name
/app/tacacs/etc/allow.sso /app/tacacs/etc/allow.sso_storage"
}
The GUI client requires silverpeak is defined on TACACS+ server, and use any
of the following as customer attribute for the service: role=admin,
role=manager,role=monitor. I checked only, and don't see the role concept in
tac_plus.cfg. And since there is default service = permit at top, can I
assume if no service silverpeak defined, the default authorization is
permit?
Please give me some advice and guide,
Thank you,
Anne
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20111014/f1d02638/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5428 bytes
Desc: not available
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20111014/f1d02638/attachment.bin>
More information about the tac_plus
mailing list