[tac_plus] Problem with creating Multiple groups for a single user. (creating composite groups)

Asif Iqbal vadud3 at gmail.com
Tue Apr 8 00:41:26 UTC 2014


On Mon, Apr 7, 2014 at 2:24 PM, Daniel Schmidt <daniel.schmidt at wyo.gov>wrote:

> I see no reason why you couldn't do it with one instance with the help of
> do_auth.  Just need to know what pairs to send to who.
>

Please let me know if I should start a new discussion thread, but I have 13
different tac_plus
instances with 267 groups and 11969 user = foo {..} entries.

So any user could be on any of those groups as long as no one user in
multiple groups on any
of the 13 instances.

I would love to see if I can consolidate all two one instance.

It will probably also help adding a user using a script to multiple groups.
Currently doing
tons of awk magics to keep the {} pairs in track while adding new users on
multiple instances
into multiple groups.




>
> On Sun, Apr 6, 2014 at 1:16 PM, Asif Iqbal <vadud3 at gmail.com> wrote:
>
>>
>>
>>
>> On Sun, Apr 6, 2014 at 2:53 PM, Daniel Schmidt <daniel.schmidt at wyo.gov>wrote:
>>
>>>
>>> On a side note, while thanking Alan for his assisting while I was out, I
>>> have to also smile at a bit of irony in that the one person who was wary
>>> and wouldn't touch do_auth is now helping people with it.  :-P  Thanks
>>> Alan!
>>>
>>
>> Another offtopic comment, but we manage about 8 different tac_plus
>> instances
>> on different IP/PORT combination. And command authorizations are
>> different,
>> at least between cisco and juniper. We also have arista, alcatel and
>> others.
>>
>> I should give the do_auth a try, not sure how different command
>> authorization
>> syntax can be consolidated?
>>
>> Sorry about injecting offtopic conversation here.
>>
>>
>> --
>> Asif Iqbal
>> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
>> A: Because it messes up the order in which people normally read text.
>> Q: Why is top-posting such a bad thing?
>>
>>
> E-Mail to and from me, in connection with the transaction
> of public business, is subject to the Wyoming Public Records
> Act and may be disclosed to third parties.
>
>
>


-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20140407/eeb4790e/attachment.html>


More information about the tac_plus mailing list