[tac_plus] tac_plus issues
Bo Byrd
bbyrd74 at gmail.com
Wed Sep 11 17:43:56 UTC 2013
Hello,
I have authorization set up but it only seems to work if there are no
arguments to a command. so my user can 'exit' and can 'show' but cannot
'show run' even though I used the 'permit .*' under the cmd = show section
Here is my log, can you tell what is wrong? Thanks for this nifty software!
Reading config
Version F4.0.4.19 Initialized 1
tac_plus server F4.0.4.19 starting
uid=559 euid=559 gid=559 egid=559 s=4
connect from 192.168.0.85 [192.168.0.85]
login query for 'ro' tty10 from 192.168.0.85 accepted
connect from 192.168.0.85 [192.168.0.85]
connect from 192.168.0.85 [192.168.0.85]
Start authorization request
do_author: user='ro'
user 'ro' found
authorize_cmd: user=ro, cmd=show
line 7 compare show permit '.*' & '<cr>' match
show <cr> permitted by line 7
authorization query for 'ro' tty10 from 192.168.0.85 accepted
connect from 192.168.0.85 [192.168.0.85]
connect from 192.168.0.85 [192.168.0.85]
Start authorization request
do_author: user='ro'
user 'ro' found
authorize_cmd: user=ro, cmd=show running-config
cmd show running-config does not exist, denied by default
authorization query for 'ro' tty10 from 192.168.0.85 rejected
connect from 192.168.0.85 [192.168.0.85]
connect from 192.168.0.85 [192.168.0.85]
Start authorization request
do_author: user='ro'
user 'ro' found
authorize_cmd: user=ro, cmd=exit
line 11 compare exit permit '.*' & '<cr>' match
exit <cr> permitted by line 11
authorization query for 'ro' tty10 from 192.168.0.85 accepted
connect from 192.168.0.85 [192.168.0.85]
connect from 192.168.0.85 [192.168.0.85]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20130911/7d551681/attachment.html>
More information about the tac_plus
mailing list