[j-nsp] Enforcing CLI Idle-Timeouts

Stefan Fouant sfouant at gmail.com
Tue Jul 22 01:11:24 EDT 2008


Not too cumbersome... unless of course you're talking about deploying
it on hundreds of routers!

Luckily for me I only have to do this on 8 :)

On Tue, Jul 22, 2008 at 12:07 AM, Stacy W. Smith <stacy at acm.org> wrote:
> Defining a custom class with your specified idle-timeout and "permissions
> all" doesn't seem too cumbersome. That would be equivalent to the
> pre-defined super-user class, and I think it's your best bet.
>
> --Stacy
>
> On Jul 21, 2008, at 8:51 PM, Stefan Fouant wrote:
>
>> I hope the only other option isn't going to mean that I have to
>> configure a custom login class and assign the various CLI permissions.
>> That would be a real PITA. I wish there were some way to pass this
>> information off from our TACACS+ server but alas it seems that the
>> junos_exec service class has very limited command shell authorizations
>>
>> Hopefully someone on-list has found a solution....
>>
>>
>>
>> On 7/21/08, Christian Koch <christian at broknrobot.com> wrote:
>>>
>>> i tried this a while back and came across the same issue, i've yet to be
>>> able to find a 'hack' since..
>>>
>>> christian
>>>
>>>
>>>
>>> On Mon, Jul 21, 2008 at 4:56 PM, Stefan Fouant <sfouant at gmail.com> wrote:
>>>
>>>> Hey Folks,
>>>>
>>>> Wondering if anyone knows how to enforce CLI Idle-Timeouts on Juniper
>>>> using default login classes such as Super-User.  I see that there is a
>>>> command 'idle-timeout' which can be configured under a login class,
>>>> but I want to modify the default class 'super-user' which has a
>>>> default of idle-timeout 0/disabled.  It does not appear that I can
>>>> modify the default login classes.
>>>>
>>>> Anyone here ever attempt anything similar?
>>>>
>>>> --
>>>> Stefan Fouant
>>>> Principal Network Engineer
>>>> NeuStar, Inc. - http://www.neustar.biz
>>>> GPG Key ID: 0xB5E3803D
>>>> _______________________________________________
>>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>>
>>>
>>
>> --
>> Sent from Gmail for mobile | mobile.google.com
>>
>> Stefan Fouant
>> Principal Network Engineer
>> NeuStar, Inc. - http://www.neustar.biz
>> GPG Key ID: 0xB5E3803D
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>



-- 
Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz
GPG Key ID: 0xB5E3803D


More information about the juniper-nsp mailing list