[tac_plus] Cisco & mandatory pairs/brocade-privlvl
Daniel Schmidt
daniel.schmidt at wyo.gov
Tue Feb 21 22:00:37 UTC 2012
I previously reported that a Cisco, given the mandatory brocade-privlvl
(which it doesn’t understand), will simply default to disable. This
assertion appears to be incorrect. On some devices/versions it puts you
in disable, in some it puts you in enable, and on some it flat out denies
access telling you authorization failed. Serves me right, expecting
consistency when Heasley flat out warned me not to! Brocades new method of
using optional av pairs will serve them better - one has to wonder if Cisco
makes it work incorrect on purpose.
Feb 21 21:30:32.346: AAA/AUTHOR (0x12B): Pick method list 'default' - FAIL
Feb 21 21:30:32.390: AAA/AUTHOR/EXEC(0000012B): Authorization FAILED
E-Mail to and from me, in connection with the transaction
of public business, is subject to the Wyoming Public Records
Act and may be disclosed to third parties.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20120221/29fea2ab/attachment.html>
More information about the tac_plus
mailing list