Группа :: Система/Серверы
Пакет: tac_plus
навигация по пакетам
Главная Изменения Спек Патчи Исходники Загрузить Gear Bugs and FR Repocop
#key = "your key here"
accounting file = /var/log/tac.acct
# authentication users not appearing elsewhere via
# the file /etc/passwd
#default authentication = file /etc/passwd
acl = default {
#permit = 192\.168\.0\.
permit = 192\.168\.2\.1
}
# Example of host-specific configuration:
host = 192.168.2.1 {
prompt = "Enter your Unix username and password, Username: "
# Enable password for the router, generate a new one with tac_pwd
#enable = des 4P8MBRmulyloo
}
# Group that is allowed to do most configuration on all interfaces etc.
group = admin {
# group members who don't have their own login password will be
# looked up in /etc/passwd
#login = file /etc/passwd
login = PAM
# group members who have no expiry date set will use this one
#expires = "Jan 1 1997"
# only allow access to specific routers
acl = default
# Needed for the router to make commands available to user (subject
# to authorization if so configured on the router
service = exec {
priv-lvl = 15
#default service = permit
}
cmd = username {
permit .*
}
cmd = enable {
permit .*
}
cmd = show {
permit .*
}
cmd = exit {
permit .*
}
cmd = configure {
permit .*
}
cmd = interface {
permit .*
}
cmd = switchport {
permit .*
}
cmd = description {
permit .*
}
cmd = no {
permit shutdown
}
}
# A group that can change some limited configuration on switchports
# related to host-side network configuration
group = sysadmin {
# group members who don't have their own login password will be
# looked up in /etc/passwd:
#login = file /etc/passwd
# or authenticated via PAM:
login = PAM
acl = default
# Needed for the router to make commands available to user (subject
# to authorization if so configured on the router
service = exec {
priv-lvl = 15
}
cmd = enable {
permit .*
}
cmd = show {
permit .*
}
cmd = exit {
permit .*
}
cmd = configure {
permit .*
}
cmd = interface {
permit FastEthernet.*
permit GigabitEthernet.*
}
cmd = switchport {
permit "access vlan.*"
permit "trunk encapsulation.*"
permit "mode.*"
permit "trunk allowed vlan.*"
}
cmd = description {
permit .*
}
cmd = no {
permit shutdown
}
}
user = joe {
login = PAM
#member = sysadmin
member = admin
}
user = fred {
login = PAM
member = sysadmin
}
# User account configured for use with "rancid"
user = rancid {
# Generate a new password with tac_pwd
#login = des LXUxLCkFhGpwA
service = exec {
priv-lvl = 15
}
cmd = show { permit .* }
cmd = exit { permit .* }
cmd = dir { permit .* }
cmd = write { permit term }
}
# Global enable level 15 password, generate a new one with tac_pwd
user = $enab15$ {
#login = des 97cZOIgSXU/4I
}
#user = DEFAULT {
# login = PAM
#member = default
#}