[tac_plus] restrict by time of the day

Asif Iqbal vadud3 at gmail.com
Sat Apr 8 22:29:46 UTC 2017 

I meant like below per tac_plus.conf man page

cmd-match
              Specify a command argument match.

                  <permission> <regex>
                  <permission> <regex>

In the regex may be some expression that become NUL based on timestamp? I
do not have any example.

Thanks for your help!



On Sat, Apr 8, 2017 at 6:22 PM, John Fraizer <john at op-sec.us> wrote:

> That is not supported by tac_plus.
>
> On Sat, Apr 8, 2017 at 3:21 PM Asif Iqbal <vadud3 at gmail.com> wrote:
>
>> I am not using do_auth.py yet. I was wondering if the regex can be used
>> to logic the time of the day permit will work until then?
>>
>> On Sat, Apr 8, 2017 at 4:42 PM, John Fraizer <john at op-sec.us> wrote:
>>
>> You could modify do_auth.py to do this.
>>
>> On Fri, Apr 7, 2017 at 4:15 PM Asif Iqbal <vadud3 at gmail.com> wrote:
>>
>> Hi
>>
>> Is there a way to restrict access to routers with tacacs config based on
>> time?
>>
>> So not allow someone to make any change to the config during work hours?
>>
>> I will need to apply something like that short from doing some config swap
>> with allow/deny as a cronjob.
>>
>> Thanks
>>
>> --
>> Asif Iqbal
>> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
>> A: Because it messes up the order in which people normally read text.
>> Q: Why is top-posting such a bad thing?
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <http://www.shrubbery.net/pipermail/tac_plus/
>> attachments/20170407/3d926439/attachment.html>
>> _______________________________________________
>> tac_plus mailing list
>> tac_plus at shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo/tac_plus
>>
>> --
>> --
>> John Fraizer
>> LinkedIn profile: http://www.linkedin.com/in/johnfraizer/
>>
>>
>>
>>
>>
>> --
>> Asif Iqbal
>> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
>> A: Because it messes up the order in which people normally read text.
>> Q: Why is top-posting such a bad thing?
>>
>> --
> --
> John Fraizer
> LinkedIn profile: http://www.linkedin.com/in/johnfraizer/
>
>
>


-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20170408/3b090ee8/attachment.html>

More information about the tac_plus mailing list