On Wed, Nov 23, 2011 at 8:36 PM, James Harr <james.h...@gmail.com> wrote: > Second rancid.
+3 > If SFTOS supports per-command authorization (via RADIUS/TACACS), you can it does > limit the script account to only be able to use 'show run' and whatever > else it needs (even when it logs in). > you can > That said, if you're looking for on-the-cheap, I haven't seen a free > TACACS+ server that does authorization and was stable, so you'll probably > have to compromise and give your script more permissions than it needs just > to get the job done. the cisco tacplus src server is a basic example... shrubbery.net's tacplus server is quite workable (and heasley keeps the code working/clean/adding-features) a simple config for 'just permit show run' is certainly possible with the shrubbery.net server... if you want example config pipe up. -chris > On Tue, Nov 22, 2011 at 1:40 PM, Jason Biel <ja...@biel-tech.com> wrote: > >> Deploy RANCID? >> >> On Tue, Nov 22, 2011 at 1:35 PM, Jon Heise <j...@smugmug.com> wrote: >> >> > Does anyone know of a method of automating config backups for force10 >> > switches running SFTOS ? I've got an python expect script that works on >> our >> > routers running FTOS, it uses a role account that can show the running >> > configs without having to use the enable password. i could expand the >> > script to use the enable password but i'm hesitant to have it lying >> around >> > in a script >> > >> > Jon Heise >> > >> >> >> >> -- >> Jason >> > > > > -- > ^[:wq^M >
