[tac_plus] tacacs truncating some commands before performing authorization check
Mason Moody
mmoody at staff.atlantic.net
Fri Sep 2 14:20:24 UTC 2016
Hi, all,

I'm running TACACS+ version 4.0.4.28 on Ubuntu 16.04, and I'm seeing in
my testing of command authorization some odd truncation of commands. The
relevant portion of my config limits a group of users to certain 'no'
commands, in particular, 'no switchport mode access'. The config line
looks like this:

    cmd = no {
        ...
        permit "switchport mode access <cr>"
        ...
    }

My TACACS logs show that when I run the 'no switchport mode access'
command from a Cisco 3550 (running IOS 12.2(44)SE6), I get an
authorization failure result. The relevant log result shows that the
command that's being compared against doesn't include the last term:

    [27071]: line 228 compare no permit 'switchport mode access <cr>' & 'switchport mode <cr>' no match

The Cisco logs record the full command:

    %PARSER-5-CFGLOG_LOGGEDCMD: User:tmonkey logged command:switchport mode access

Has anyone seen anything like this before?

--
____________
Mason Moody
Network Security Engineer
Atlantic.Net
Phone: 800-422-2936 x4431
Int'l: +1-321-206-3731
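
Added example (not part of the original post and not tac_plus code): a small Python parser for the "compare" debug entry quoted above, reporting which tokens of the permit rule are absent from the arguments the server received. The field layout is inferred from that single log entry, the token diff assumes the rule is literal text, and Python's re module stands in for the daemon's regex engine.

```python
import re

# Layout inferred from the one debug line in the post (an assumption):
# [pid]: line N compare <cmd> <permit|deny> '<rule>' & '<received args>' <result>
COMPARE_RE = re.compile(
    r"\[(?P<pid>\d+)\]: line (?P<config_line>\d+) compare (?P<cmd>\S+) "
    r"(?P<action>permit|deny) '(?P<rule>.*?)' & '(?P<received>.*?)' "
    r"(?P<result>no match|match)$"
)

# The entry from the post, wrapped the way the mail wrapped it.
POST_ENTRY = ("[27071]: line 228 compare no permit 'switchport mode access <cr>' &\n"
              "'switchport mode <cr>' no match")
# Constructed entry for contrast: what a full, untruncated request would log.
CONSTRUCTED_ENTRY = ("[27071]: line 228 compare no permit 'switchport mode access <cr>' & "
                     "'switchport mode access <cr>' match")


def explain(entry):
    """Parse one compare entry and report how request and rule differ."""
    m = COMPARE_RE.search(" ".join(entry.split()))  # undo mail/syslog wrapping
    if m is None:
        return None
    rec = m.groupdict()
    rec["config_line"] = int(rec["config_line"])
    received = rec["received"].split()
    # Token diff is only meaningful when the rule is literal text (assumption).
    rec["missing_from_request"] = [t for t in rec["rule"].split() if t not in received]
    # Python's re stands in for the daemon's regex engine here (assumption).
    rec["recheck_matches"] = re.search(rec["rule"], rec["received"]) is not None
    return rec


if __name__ == "__main__":
    for entry in (POST_ENTRY, CONSTRUCTED_ENTRY):
        rec = explain(entry)
        print("config line %d: %s %s '%s'"
              % (rec["config_line"], rec["cmd"], rec["action"], rec["rule"]))
        print("  received '%s' -> %s, missing tokens: %s"
              % (rec["received"], rec["result"], rec["missing_from_request"]))
```

Run over a full debug log, the same function separates denials caused by a rule that never covered the command from denials where the request reached the server with fewer tokens than were typed on the device.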