[tac_plus] user DEFAULT - anyone can login?
Asif Iqbal
vadud3 at gmail.com
Mon Jun 16 19:17:08 UTC 2014
So if I understand correctly with the following stanza in tac_plus.conf
anyone with valid LDAP credentials (PAM is pointing to LDAP in my case)
can login to a router?
user = DEFAULT {
    login = PAM
    member = doauthaccess
}
I am guessing I cannot really use this should I want to limit
who can login?
I guess I cannot take advantage of do_auth to prevent login since
it gets called after authorization?
Maybe I can use do_auth with before authorization as well and
define the allowed users under the [users] stanza and limit that
way if I want to shrink my tac_plus conf user blocks to just DEFAULT?
Please advise.
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?