[nsp] enable commands as non-enable user?

Jon.Maiman@inrange.com Jon.Maiman@inrange.com
Mon, 12 Aug 2002 15:38:55 -0400


This is a multipart message in MIME format.
--=_alternative 006D443985256C13_=
Content-Type: text/plain; charset="us-ascii"

It is very handy for Enterprises to be able to verify configurations from 
their service providers even though they don't have the rights to make 
changes (and shouldn't have the rights).     I have used this capability 
on behave of my clients many times to help prevent and straighten out 
misunderstandings.


                                                                ---Jon
 




"Josh Duffek" <jduffek@cisco.com>
Sent by: cisco-nsp-admin@puck.nether.net
08/12/02 03:02 PM

 
        To:     "Bruce Campbell" <bruce.campbell@ripe.net>, <cisco-nsp@puck.nether.net>, 
"Barry Bruins" <bbruins@cisco.com>
        cc: 
        Subject:        Re: [nsp] enable commands as non-enable user?


well the thing is...ios figures if you arent priveledged enough to change
the config, why should you get to look at it...did you try with "sh 
config"
and "sh run" or just one of em?  (sorry i dont have time to test myself
right now)

joshd

----- Original Message -----
From: "Barry Bruins" <bbruins@cisco.com>
To: "Josh Duffek" <jduffek@cisco.com>; "Bruce Campbell"
<bruce.campbell@ripe.net>; <cisco-nsp@puck.nether.net>
Sent: Monday, August 12, 2002 1:44 PM
Subject: Re: [nsp] enable commands as non-enable user?


> Ughh.  I'm embarrassed.  You're right.  It may require a TACACS+ server
> in the mix.
>
> Barry
>
> At 01:06 PM 8/12/2002 -0500, Josh Duffek wrote:
> >just fyi...im 99% sure you cant do this for "sh run"...but i never 
tried
for
> >"sh config".
> >
> >joshd
> >
> >----- Original Message -----
> >From: "Barry Bruins" <bbruins@cisco.com>
> >To: "Bruce Campbell" <bruce.campbell@ripe.net>;
<cisco-nsp@puck.nether.net>
> >Sent: Monday, August 12, 2002 12:24 PM
> >Subject: Re: [nsp] enable commands as non-enable user?
> >
> >
> >> Use the privilege command to set the show running-config to another
level.
> >>
> >> Barry
> >>
> >> At 06:29 PM 8/12/2002 +0200, Bruce Campbell wrote:
> >>
> >> >Greetings,
> >> >
> >> >I'm wanting to allow a dedicated non-enabled user to be able to 
'show
> >> >conf' (run through all the routers and save the conf nightly).  Is
this
> >> >possible via AAA (tacacs+)?  ( the AAA overview on cco isn't that
clear
> >on
> >> >whether this is possible or not)
> >> >
> >> >--==--
> >> >Bruce.
> >> >
> >> >_______________________________________________
> >> >cisco-nsp mailing list  real_name)s@puck.nether.net
> >> >http://puck.nether.net/mailman/listinfo/cisco-nsp
> >> >archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>
> >
> >_______________________________________________
> >cisco-nsp mailing list  real_name)s@puck.nether.net
> >http://puck.nether.net/mailman/listinfo/cisco-nsp
> >archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>

_______________________________________________
cisco-nsp mailing list  real_name)s@puck.nether.net
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



--=_alternative 006D443985256C13_=
Content-Type: text/html; charset="us-ascii"


<br><font size=2 face="sans-serif">It is very handy for Enterprises to be able to verify configurations from their service providers even though they don't have the rights to make changes (and shouldn't have the rights). &nbsp; &nbsp; I have used this capability on behave of my clients many times to help prevent and straighten out misunderstandings.</font>
<br>
<br>
<br><font size=2 face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ---Jon</font>
<br><font size=2 face="sans-serif">&nbsp; </font>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td>
<td><font size=1 face="sans-serif"><b>&quot;Josh Duffek&quot; &lt;jduffek@cisco.com&gt;</b></font>
<br><font size=1 face="sans-serif">Sent by: cisco-nsp-admin@puck.nether.net</font>
<p><font size=1 face="sans-serif">08/12/02 03:02 PM</font>
<br>
<td><font size=1 face="Arial">&nbsp; &nbsp; &nbsp; &nbsp; </font>
<br><font size=1 face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; To: &nbsp; &nbsp; &nbsp; &nbsp;&quot;Bruce Campbell&quot; &lt;bruce.campbell@ripe.net&gt;, &lt;cisco-nsp@puck.nether.net&gt;, &quot;Barry Bruins&quot; &lt;bbruins@cisco.com&gt;</font>
<br><font size=1 face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; cc: &nbsp; &nbsp; &nbsp; &nbsp;</font>
<br><font size=1 face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; Subject: &nbsp; &nbsp; &nbsp; &nbsp;Re: [nsp] enable commands as non-enable user?</font></table>
<br>
<br>
<br><font size=2 face="Courier New">well the thing is...ios figures if you arent priveledged enough to change<br>
the config, why should you get to look at it...did you try with &quot;sh config&quot;<br>
and &quot;sh run&quot; or just one of em? &nbsp;(sorry i dont have time to test myself<br>
right now)<br>
<br>
joshd<br>
<br>
----- Original Message -----<br>
From: &quot;Barry Bruins&quot; &lt;bbruins@cisco.com&gt;<br>
To: &quot;Josh Duffek&quot; &lt;jduffek@cisco.com&gt;; &quot;Bruce Campbell&quot;<br>
&lt;bruce.campbell@ripe.net&gt;; &lt;cisco-nsp@puck.nether.net&gt;<br>
Sent: Monday, August 12, 2002 1:44 PM<br>
Subject: Re: [nsp] enable commands as non-enable user?<br>
<br>
<br>
&gt; Ughh. &nbsp;I'm embarrassed. &nbsp;You're right. &nbsp;It may require a TACACS+ server<br>
&gt; in the mix.<br>
&gt;<br>
&gt; Barry<br>
&gt;<br>
&gt; At 01:06 PM 8/12/2002 -0500, Josh Duffek wrote:<br>
&gt; &gt;just fyi...im 99% sure you cant do this for &quot;sh run&quot;...but i never tried<br>
for<br>
&gt; &gt;&quot;sh config&quot;.<br>
&gt; &gt;<br>
&gt; &gt;joshd<br>
&gt; &gt;<br>
&gt; &gt;----- Original Message -----<br>
&gt; &gt;From: &quot;Barry Bruins&quot; &lt;bbruins@cisco.com&gt;<br>
&gt; &gt;To: &quot;Bruce Campbell&quot; &lt;bruce.campbell@ripe.net&gt;;<br>
&lt;cisco-nsp@puck.nether.net&gt;<br>
&gt; &gt;Sent: Monday, August 12, 2002 12:24 PM<br>
&gt; &gt;Subject: Re: [nsp] enable commands as non-enable user?<br>
&gt; &gt;<br>
&gt; &gt;<br>
&gt; &gt;&gt; Use the privilege command to set the show running-config to another<br>
level.<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Barry<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; At 06:29 PM 8/12/2002 +0200, Bruce Campbell wrote:<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; &gt;Greetings,<br>
&gt; &gt;&gt; &gt;<br>
&gt; &gt;&gt; &gt;I'm wanting to allow a dedicated non-enabled user to be able to 'show<br>
&gt; &gt;&gt; &gt;conf' (run through all the routers and save the conf nightly). &nbsp;Is<br>
this<br>
&gt; &gt;&gt; &gt;possible via AAA (tacacs+)? &nbsp;( the AAA overview on cco isn't that<br>
clear<br>
&gt; &gt;on<br>
&gt; &gt;&gt; &gt;whether this is possible or not)<br>
&gt; &gt;&gt; &gt;<br>
&gt; &gt;&gt; &gt;--==--<br>
&gt; &gt;&gt; &gt;Bruce.<br>
&gt; &gt;&gt; &gt;<br>
&gt; &gt;&gt; &gt;_______________________________________________<br>
&gt; &gt;&gt; &gt;cisco-nsp mailing list &nbsp;real_name)s@puck.nether.net<br>
&gt; &gt;&gt; &gt;http://puck.nether.net/mailman/listinfo/cisco-nsp<br>
&gt; &gt;&gt; &gt;archive at http://puck.nether.net/pipermail/cisco-nsp/<br>
&gt; &gt;&gt;<br>
&gt; &gt;<br>
&gt; &gt;_______________________________________________<br>
&gt; &gt;cisco-nsp mailing list &nbsp;real_name)s@puck.nether.net<br>
&gt; &gt;http://puck.nether.net/mailman/listinfo/cisco-nsp<br>
&gt; &gt;archive at http://puck.nether.net/pipermail/cisco-nsp/<br>
&gt;<br>
&gt;<br>
<br>
_______________________________________________<br>
cisco-nsp mailing list &nbsp;real_name)s@puck.nether.net<br>
http://puck.nether.net/mailman/listinfo/cisco-nsp<br>
archive at http://puck.nether.net/pipermail/cisco-nsp/<br>
</font>
<br>
<br>
--=_alternative 006D443985256C13_=--