[tac_plus] do_auth & TCL
Daniel Schmidt
daniel.schmidt at wyo.gov
Thu Jun 6 22:45:00 UTC 2013
I've discovered an incompatibility between do_auth and TCL scripts and
recommend that anybody authorizing on commands used in their TCL scripts
NOT use do_auth without prior testing. And by "fixed," I really mean the
usual: Find a workaround for Cisco's lack of consistency in their Tacacs
implementation.

Short Technical:
TCL commands auth with an ip of 'async', NO username, NO device name and
that really confuses the #*@& out of getopt(). Maybe I'll have to finally
get around to cobbling my own argv parser. (Volunteers welcome)

Suggested workaround:
Assign command to priv-lvl 1 & don't auth on priv-lvl 1. Ex:

    privilege exec level 1 show your_command

E-Mail to and from me, in connection with the transaction
of public business, is subject to the Wyoming Public Records
Act and may be disclosed to third parties.
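
Added example, not part of the original post and not do_auth's own code: a Python sketch of how getopt misreads an argument list whose user and device values are empty, next to a parser that tolerates the gap. The option letters, the sample argv values and the assumption that empty values simply drop out of an unquoted command line are illustrative, not taken from the post.

```python
import getopt

# Assumed option letters (not stated in the post): -i ip, -u user, -d device, -l log
SHORTOPTS = "i:u:d:l:"
VALUE_FLAGS = {"-" + c for c in SHORTOPTS if c != ":"}

# Constructed argv: an unquoted command line after the user and device values
# expanded to nothing, as in the TCL case described in the post.
TCL_ARGV = ["-i", "async", "-u", "-d", "-l", "/tmp/do_auth.log"]
# Constructed argv for an ordinary interactive session.
NORMAL_ARGV = ["-i", "10.1.1.5", "-u", "alice", "-d", "rtr1", "-l", "/tmp/do_auth.log"]


def parse_with_getopt(argv):
    """Plain getopt: a value-taking flag consumes the next token blindly."""
    opts, _ = getopt.getopt(argv, SHORTOPTS)
    return dict(opts)


def parse_tolerant(argv):
    """Read a flag followed by another known flag (or nothing) as an empty value.

    Limitation: a real value that is itself spelled like a flag ("-d") is
    indistinguishable from a missing value.
    """
    result = {flag: "" for flag in VALUE_FLAGS}
    i = 0
    while i < len(argv):
        token = argv[i]
        if token not in VALUE_FLAGS:
            raise ValueError("unexpected argument: %r" % token)
        nxt = argv[i + 1] if i + 1 < len(argv) else None
        if nxt is None or nxt in VALUE_FLAGS:
            i += 1  # value missing: leave it empty, keep the next flag intact
        else:
            result[token] = nxt
            i += 2
    return result


def missing_fields(parsed):
    """Flags with empty values, so the caller can apply an explicit policy."""
    return sorted(flag for flag, value in parsed.items() if not value)


if __name__ == "__main__":
    print("getopt:  ", parse_with_getopt(TCL_ARGV))   # user becomes "-d"
    print("tolerant:", parse_tolerant(TCL_ARGV))
    print("missing: ", missing_fields(parse_tolerant(TCL_ARGV)))
```

With plain getopt the username is read as the literal string "-d" and the device flag disappears, so authorization rules are evaluated against values that were never sent.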