[j-nsp] Using TACACS to prevent deactivate/activate statements?
German Martinez
gmartine at ajax.opentransit.net
Mon Nov 10 11:04:54 EST 2008
On Tue Apr 22, 2008, Brian Pavane wrote:
Hello Brian,
Did you have any luck with this task? Anything that you are willing
to share is really welcome
Thanks
German
> I am currently working on a security profile, that requires me to
> prohibit certain deactivate/activate commands to be issued by a certain
> class of users. I am looking to add this to my current TACACS
> configuration (tac_plus), however I have been unable as of yet to get
> the router to properly authorize these commands.
>
> From what I can tell, these need to be placed in the "deny-commands"
> section rather than the "deny-configuration" section of TACACS... but I
> may be wrong (I've tried both).
>
> Has anyone done this in the past? If so, could you share this portion
> of your tacacs.conf?
>
> Thank you.
>
> -Brian
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20081110/3d25f574/attachment-0001.bin>
More information about the juniper-nsp
mailing list