[tac_plus] tac_plus authorization capability

Daniel Schmidt daniel.schmidt at wyo.gov
Sat Jul 27 01:13:12 UTC 2013


I wrote up a bit about authorization on tacacs.org - you may wish to read
there.


On Fri, Jul 26, 2013 at 2:08 AM, Alan McKinnon <alan.mckinnon at gmail.com> wrote:

> On 26/07/2013 03:18, Musa Aydın wrote:
> > Hi,
> >
> > I set up tac_plus and did the basic configuration for authentication.
> > Yes, it is working absolutely fine. But when I want to use the authorization
> > process, such as different privilege levels for users, it is not working
> > properly. I searched for some kind of document about this feature but found
> > nothing. It is possible I misunderstand tac_plus authorization capability.
> > If I set a custom privilege level, which side assigns the custom commands,
> > the network device or the tac_plus server? Which one is working truly?
> >
> > at tacacs+ server
> > group = newbie {
> >     default service = deny
> >     service = exec {
> >         priv-lvl = 6
> >     }
> >     cmd = show { permit .* }
> >     cmd = ping { permit .* }
> > }
> >
> > user = test {
> >     member = newbie
> > }
> >
> > or
> >
> > at router
> >
> > privilege exec level 6 show...
> > privilege exec level 6 ping...
> >
> > Briefly, can I use tac_plus for specific command authorization by assigning
> > a specific privilege level completely on the tac_plus side?
>
>
> Yes, but you must tell the router to use it with the "aaa authorization"
> configuration.
>
> The router doesn't automatically use the tacacs server for authorization.
>
> --
> Alan McKinnon
> alan.mckinnon at gmail.com


E-Mail to and from me, in connection with the transaction 
of public business, is subject to the Wyoming Public Records 
Act and may be disclosed to third parties.
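
An added example, not part of the original messages: a small audit of a router configuration for the "aaa authorization" lines the reply above says are required before tac_plus is consulted for authorization. The sample configurations are constructed, and the check assumes the built-in "group tacacs+" method rather than a custom server-group name.

```python
import re

# Constructed sample: router with TACACS+ authentication only, as in the question.
AUTHN_ONLY = """\
aaa new-model
aaa authentication login default group tacacs+ local
"""

# Constructed sample: the same router with authorization handed to TACACS+.
WITH_AUTHZ = AUTHN_ONLY + """\
aaa authorization exec default group tacacs+ local
aaa authorization commands 6 default group tacacs+ local
"""


def audit_aaa_authorization(running_config, level):
    """Return the settings that are missing; an empty list means the router
    will ask the TACACS+ server about exec sessions and `level` commands."""
    lines = [ln.strip() for ln in running_config.splitlines()]
    missing = []
    if "aaa new-model" not in lines:
        missing.append("aaa new-model")

    def uses_tacacs(prefix):
        # A method list counts only if it names the tacacs+ group.
        pat = re.compile("^" + re.escape(prefix) + r"\s+\S+\s+.*\bgroup tacacs\+")
        return any(pat.match(ln) for ln in lines)

    # Exec authorization is what delivers priv-lvl from the server.
    if not uses_tacacs("aaa authorization exec"):
        missing.append("aaa authorization exec")
    # Per-command checks (the cmd = ... blocks) need this line for the level.
    if not uses_tacacs(f"aaa authorization commands {level}"):
        missing.append(f"aaa authorization commands {level}")
    return missing


if __name__ == "__main__":
    for name, cfg in (("authn only", AUTHN_ONLY), ("with authz", WITH_AUTHZ)):
        print(name, "-> missing:", audit_aaa_authorization(cfg, 6))
```

With the authentication-only sample, both authorization lines are reported missing, which matches the symptom in the question: logins work but the group's priv-lvl and cmd rules are never applied.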