A post-authorization script for tac_plus to allow greater flexibility in TACACS+ authentication and authorization controls.
GNU General Public License v3.0
25
stars
9
forks
source link
Wishlist - Recursion on groups #4
Open
helpdeskdan opened 10 years ago
Groups should inherit from other groups. "sub_group" attribute that can be checked for existence.
Currently, we don't do this. Let's say we have a multi-vendor environment. Each user would need a long statement:
homer = brocade_tier1 juniper_tier1 dell_tier1 no_name_piece_ofjunk tier1
Alternatively, you can create one file per access level and just do the assignment in your tac_plus.conf file. http://www.shrubbery.net/pipermail/tac_plus/2014-April/001427.html