[j-nsp] Enforcing CLI Idle-Timeouts

Tue Jul 22 09:12:33 EDT 2008

I think he meant the difference in the changes is negligible (like 3 set
statements).  Either solution you deploy (both set scripts) you'll still
have to deploy to hundreds of routers.  Look into Shrubbery's RANCID for
a super-fast way to do that.

-Ben

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Stefan Fouant
Sent: Tuesday, July 22, 2008 12:11 AM
To: Stacy W. Smith
Cc: Juniper-Nsp
Subject: Re: [j-nsp] Enforcing CLI Idle-Timeouts

Not too cumbersome... unless of course you're talking about deploying it
on hundreds of routers!

Luckily for me I only have to do this on 8 :)

On Tue, Jul 22, 2008 at 12:07 AM, Stacy W. Smith <stacy at acm.org> wrote:
> Defining a custom class with your specified idle-timeout and 
> "permissions all" doesn't seem too cumbersome. That would be 
> equivalent to the pre-defined super-user class, and I think it's your
best bet.
>
> --Stacy
>
> On Jul 21, 2008, at 8:51 PM, Stefan Fouant wrote:
>
>> I hope the only other option isn't going to mean that I have to 
>> configure a custom login class and assign the various CLI
permissions.
>> That would be a real PITA. I wish there were some way to pass this 
>> information off from our TACACS+ server but alas it seems that the 
>> junos_exec service class has very limited command shell 
>> authorizations
>>
>> Hopefully someone on-list has found a solution....
>>
>>
>>
>> On 7/21/08, Christian Koch <christian at broknrobot.com> wrote:
>>>
>>> i tried this a while back and came across the same issue, i've yet 
>>> to be able to find a 'hack' since..
>>>
>>> christian
>>>
>>>
>>>
>>> On Mon, Jul 21, 2008 at 4:56 PM, Stefan Fouant <sfouant at gmail.com>
wrote:
>>>
>>>> Hey Folks,
>>>>
>>>> Wondering if anyone knows how to enforce CLI Idle-Timeouts on 
>>>> Juniper using default login classes such as Super-User.  I see that

>>>> there is a command 'idle-timeout' which can be configured under a 
>>>> login class, but I want to modify the default class 'super-user' 
>>>> which has a default of idle-timeout 0/disabled.  It does not appear

>>>> that I can modify the default login classes.
>>>>
>>>> Anyone here ever attempt anything similar?
>>>>
>>>> --
>>>> Stefan Fouant
>>>> Principal Network Engineer
>>>> NeuStar, Inc. - http://www.neustar.biz GPG Key ID: 0xB5E3803D 
>>>> _______________________________________________
>>>> juniper-nsp mailing list juniper-nsp at puck.nether.net 
>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>>
>>>
>>
>> --
>> Sent from Gmail for mobile | mobile.google.com
>>
>> Stefan Fouant
>> Principal Network Engineer
>> NeuStar, Inc. - http://www.neustar.biz GPG Key ID: 0xB5E3803D 
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net 
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>

--
Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz
GPG Key ID: 0xB5E3803D
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

***************************************************************************************

The information contained in this message, including attachments, may contain 
privileged or confidential information that is intended to be delivered only to the 
person identified above. If you are not the intended recipient, or the person 
responsible for delivering this message to the intended recipient, Windstream requests 
that you immediately notify the sender and asks that you do not read the message or its 
attachments, and that you delete them without copying or sending them to anyone else.