[tac_plus] Certain Permissions on some IP's and wide open Permissions on other IP's for same user-group-acl

Alan McKinnon alan.mckinnon at gmail.com
Mon Dec 1 20:32:02 UTC 2014


On 01/12/2014 21:42, dwnek at dollartree.com wrote:
> 
> I would like to have two separate ACL's for one group. One ACL will allow a
> network security group to run any command they want on switches they are
> responsible for managing and the other ACL will only allow them to run some
> show commands on any other network switch.  Is this possible?  Can I
> configure one group in the tac_plus.cfg with two nested ACL's?  Please
> provide a short config example.
> 
> 
> Thank You, Derek

It is possible using tac_plus.conf, but to do it you have to jump
through many painful hoops that you will not understand tomorrow. Many
of us have gone down this road already and felt the pain.


You want Dan Schmidt's do_auth.py script, bundled with recent versions
of tac_plus. It comes with very clear, complete docs; read them just once
and it will be obvious how to solve the problem you face.




-- 
Alan McKinnon
alan.mckinnon at gmail.com
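
The policy asked about in this thread, one group with unrestricted commands on its own switches and a short show-only list everywhere else, can be modelled as ordered per-device rules with default deny. This is an added illustration in Python, not part of the original thread and not do_auth.py's code or configuration format; the networks, command patterns, `NETSEC_RULES` and `authorize` are constructed for the example.

```python
import ipaddress
import re

# Constructed policy for one group. Rules are ordered: the first rule whose
# device list contains the target device decides the outcome.
# Networks and command patterns are sample values, not from the thread.
NETSEC_RULES = [
    # Switches the security group manages: any command.
    {"devices": ["10.10.20.0/24"], "commands": [r".*"]},
    # Every other IPv4 device: a short list of read-only show commands.
    {"devices": ["0.0.0.0/0"],
     "commands": [r"show (version|interfaces?|vlan)( .*)?"]},
]


def authorize(rules, device_ip, command):
    """Return True if command is permitted on device_ip; deny by default."""
    try:
        addr = ipaddress.ip_address(device_ip)
    except ValueError:
        return False  # malformed device address: deny
    cmd = " ".join(command.split())  # collapse runs of whitespace
    for rule in rules:
        if any(addr in ipaddress.ip_network(net) for net in rule["devices"]):
            # The first matching device rule decides; never fall through to a
            # broader rule. fullmatch anchors the pattern at both ends so
            # "show version" cannot permit "show versionx" or a longer command.
            return any(re.fullmatch(p, cmd) for p in rule["commands"])
    return False  # no rule covers this device


if __name__ == "__main__":
    for dev, cmd in [("10.10.20.5", "configure terminal"),
                     ("192.168.1.1", "show version"),
                     ("192.168.1.1", "configure terminal")]:
        verdict = "permit" if authorize(NETSEC_RULES, dev, cmd) else "deny"
        print(dev, repr(cmd), verdict)
```

Rule order matters here: if the catch-all rule were listed first, the managed switches would also be limited to the show-only list.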


