[j-nsp] allow-command question
Guy Davies
Guy.Davies at telindus.co.uk
Thu Jul 31 15:39:38 EDT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> On Thu, Jul 31, 2003 at 08:59:37AM +0200, Hannes Gredler wrote:
> > On Mon, Jul 28, 2003 at 11:09:51AM -0400, Jared Mauch wrote:
> > | IMHO, you should never disallow quit.
> > |
> > | ie: juniper should make it always available.
> >
> > behave differnt than the regexp does dictate ?
> >
> > i was under the impression that customer do
> > prefer predictability over fool-protection ?
>
> I agree with that in everything except the ability to 'quit'
>
> You shouldn't be able to telnet/ssh/whatnot into a device but
> not be able to exit gracefully.
I'm with Jared on this one. There are no circumstances I can think of under
which it would be necessary to *prevent* someone from being able to quit. I
don't know how trivial (or otherwise) it would be to make quit and exception
within the regexp behaviour. I would have thought that some implicit regexp
entries which exclude quit from a "deny-commands" would do the trick.
In all other aspects, I want determinism. This is just the situation where
common sense should take precedence over the technically pure solution.
Regards,
Guy
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
iQA/AwUBPykcGo3dwu/Ss2PCEQK1jwCgnXGWMIFbljr5SQPgcwtJMsfsuhsAn2h7
M2OHhoYTM1O1PhObQ3BTWFB4
=Fpe4
-----END PGP SIGNATURE-----
More information about the juniper-nsp
mailing list