forked from chaoskao/sonic-pam-tacacs-dev
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtac_plus.conf
72 lines (58 loc) · 1.62 KB
/
tac_plus.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
# Created by Henry-Nicolas Tourneur(henry.nicolas@tourneur.be)
# See man(5) tac_plus.conf for more details
# Define where to log accounting data, this is the default.
accounting file = /var/log/tac_plus.acct
# This is the key that clients have to use to access Tacacs+
key = testing123
# Use /etc/passwd file to do authentication
#default authentication = file /etc/passwd
# You can use feature like per host key with different enable passwords
#host = 127.0.0.1 {
# key = test
# type = cisco
# enable = <des|cleartext> enablepass
# prompt = "Welcome XXX ISP Access Router \n\nUsername:"
#}
# We also can define local users and specify a file where data is stored.
# That file may be filled using tac_pwd
#user = test1 {
# name = "Test User"
# member = staff
# login = file /etc/tacacs/tacacs_passwords
#}
# We can also specify rules valid per group of users.
#group = group1 {
# cmd = conf {
# deny
# }
#}
# Another example : forbid configure command for some hosts
# for a define range of clients
#group = group1 {
# login = PAM
# service = ppp
# protocol = ip {
# addr = 10.10.0.0/24
# }
# cmd = conf {
# deny .*
# }
#}
user = DEFAULT {
login = PAM
service = ppp protocol = ip {}
}
user = testguy {
default service = permit
login = cleartext abcd1234
pap = cleartext abcd1234
service = exec {
priv-lvl = 15
}
service = shell {
priv-lvl = 15
}
}
# Much more features are availables, like ACL, more service compatibilities,
# commands authorization, scripting authorization.
# See the man page for those features.