[c-nsp] Limiting Tacacs groups per device
Peter Rathlev
peter at rathlev.dk
Tue Jun 7 17:48:22 EDT 2011
On Tue, 2011-06-07 at 20:19 +0000, Brian Raaen wrote:
> We have a situation where we have two groups of engineers. One set
> needs full access to all customer devices we manage.
> The second set needs full access to most devices we manage except
> where the customer has requested they not make config changes.
> I am working with a server admin to set up a tacacs server using
> tac_plus and I am unsure of best way to implement this functionality.
> I see some information about pre or post authentication scripts but
> clear cut information is a bit hard to find.
You can use ACLs in tac_plus.conf, though I'm not certain exactly what
you want to achieve. Here's an example configuration to peruse:
http://ampere.rathlev.dk/tac_plus-example.conf
--
Peter
More information about the cisco-nsp
mailing list