[tac_plus] managing accounts

Daniel Schmidt daniel.schmidt at wyo.gov
Thu May 22 20:14:58 UTC 2014


Put users in do_auth and manage them there instead.  Import ConfigParser to
add/remove users as needed.  Can even cross reference a database if needed.


On Thu, May 22, 2014 at 12:41 PM, Asif Iqbal <vadud3 at gmail.com> wrote:

> On Thu, May 22, 2014 at 12:48 PM, Asif Iqbal <vadud3 at gmail.com> wrote:
>
> >
> >
> >
> > On Thu, May 22, 2014 at 12:27 PM, heasley <heas at shrubbery.net> wrote:
> >
> >> Thu, May 22, 2014 at 12:26:10PM -0400, Asif Iqbal:
> >> > Any one has tool to manage user accounts on tac_plus.conf?
> >> >
> >> > Looking for adding/deleting multiple users.
> >> >
> >> > Adding/Modifying/Deleting them manually with an editor is painful.
> >>
> >> why not do it in a database/elsewhere and export it to the config file?
> >>
> >
> > I would go with mysql then.
> >
> > Most of them are like below.
> > user = vtt2440 {
> >     login = PAM
> >     member = opsdb
> > }
> >
> > So creating a schema and inserting these data would be pretty simple
> >
> > CREATE TABLE Users (
> >         user varchar(20) primary key,
> >         login varchar(20),
> >         member varchar(20)
> > );
> >
> > INSERT INTO Users (`user`, `login`,`member`) VALUES ("vtt2440","PAM",
> > "opsdb");
> >
> > But I will need some help with parsing this into a txt file and then just
> > LOAD DATA INFILE
> > would save lot of time with ~2000 users.
> >
> >
> > However, how would I manage stanza like this? Should I just move those
> > cmds inside group
> > definition?
> >
> > user =  ssarepts {
> >         login = file /etc/tacacs-passwd
> >         cmd = terminal {
> >                 permit "length"
> >                 deny .*
> >         }
> >         cmd = show {
> >                 permit "interfaces|policy-map interface"
> >                 deny .*
> >         }
> >     cmd = exit {
> >         permit .*
> >     }
> > }
> >
> > So looks like really need help with parsing these and normalize to rows,
> > before I can insert them into database.
> >
> > Thanks for any help with parsing.
> >
>
>
> So, so far I managed to parse most of the users
>
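>  import re
>
>  # Read as text so the str pattern below can be applied to it
>  f = open('tac_plus.conf').read()
>
>  # Matches only simple stanzas: name { key = value, key = value }
>  regex = re.compile(
>      r'\s?\w*\s*=\s*(\w*)\s{\s+\w*\s*=\s*(\w*)\s+\w*\s*=\s*(\w*)\s+}',
>      re.DOTALL | re.MULTILINE)
>
>  users = regex.findall(f)
>
>  for user in users:
>      print(user)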
>
> So this gets me 1532 users out of 1760 users. I still need to improve the
> regex and could use some help.
>
> Thanks
>
>
>
> >
> > --
> > Asif Iqbal
> > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> > A: Because it messes up the order in which people normally read text.
> > Q: Why is top-posting such a bad thing?
> >
> >
>
>


E-Mail to and from me, in connection with the transaction 
of public business, is subject to the Wyoming Public Records 
Act and may be disclosed to third parties.
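
A brace-aware alternative to the single regular expression quoted above, as an added example that is not part of the original thread: it turns the two stanza shapes shown into rows for the `Users` table plus a hypothetical second table of per-user command rules (the row layouts and the name `parse_users` are assumptions). It stops with an error on any line inside a user stanza it does not understand, so an account cannot drop out of the export unnoticed.

```python
import re
# Constructed sample: the two stanza shapes quoted in the thread.
SAMPLE = """
user = vtt2440 {
    login = PAM
    member = opsdb
}
user =  ssarepts {
        login = file /etc/tacacs-passwd
        cmd = show {
                permit "interfaces|policy-map interface"
                deny .*
        }
    cmd = exit {
        permit .*
    }
}
"""
OPEN = re.compile(r'^(user|cmd)\s*=\s*(\S+)\s*\{$')
ATTR = re.compile(r'^(login|member)\s*=\s*(.+)$')
RULE = re.compile(r'^(permit|deny)\s+(.+)$')

def parse_users(text):
    """Return (user_rows, cmd_rows); raise on unknown lines inside a user stanza."""
    users, cmds, user, cmd = [], [], None, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m, a, r = OPEN.match(line), ATTR.match(line), RULE.match(line)
        if user is None:  # groups, keys and other top-level config are skipped
            if m and m.group(1) == 'user':
                user = {'user': m.group(2), 'login': None, 'member': None}
        elif m and m.group(1) == 'cmd' and cmd is None:
            cmd, seq = m.group(2), 0
        elif line == '}' and cmd is not None:
            cmd = None                      # end of a cmd block
        elif line == '}':
            users.append((user['user'], user['login'], user['member']))
            user = None                     # end of the user stanza
        elif r and cmd is not None:
            seq += 1                        # rule order is significant, so keep it
            cmds.append((user['user'], cmd, seq, r.group(1), r.group(2).strip('"')))
        elif a and cmd is None:
            user[a.group(1)] = a.group(2)
        else:
            raise ValueError('line %d not understood: %r' % (n, line))
    if user is not None:
        raise ValueError('unterminated stanza for user %r' % user['user'])
    return users, cmds
```

The returned tuples can be passed to a parameterized `executemany` insert, which avoids building SQL strings from account names by hand.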