On Thu, Nov 24, 2011 at 12:03 PM, Christopher Morrow <morrowc.li...@gmail.com> wrote:
> On Wed, Nov 23, 2011 at 8:36 PM, James Harr <james.h...@gmail.com> wrote:
>> Second rancid.
>
> +3
>
>> If SFTOS supports per-command authorization (via RADIUS/TACACS), you can
>
> it does
>
>> limit the script account to only be able to use 'show run' and whatever
>> else it needs (even when it logs in).
>>
>
> you can
>
>> That said, if you're looking for on-the-cheap, I haven't seen a free
>> TACACS+ server that does authorization and was stable, so you'll probably
>> have to compromise and give your script more permissions than it needs just
>> to get the job done.
>
> the cisco tacplus src server is a basic example...
> shrubbery.net's tacplus server is quite workable (and heasley keeps
> the code working/clean/adding-features)
>
> a simple config for 'just permit show run' is certainly possible with
> the shrubbery.net server... if you want example config pipe up.

I should have included:
<http://www.shrubbery.net/tac_plus/>

and there are some decent example configs available (I think john
payne had some posted/updated, this query seems to show a bunch of
positive results:
<https://www.google.com/search?client=ubuntu&channel=fs&q=john+payne+tacplus&ie=utf-8&oe=utf-8>

> -chris
>
>> On Tue, Nov 22, 2011 at 1:40 PM, Jason Biel <ja...@biel-tech.com> wrote:
>>
>>> Deploy RANCID?
>>>
>>> On Tue, Nov 22, 2011 at 1:35 PM, Jon Heise <j...@smugmug.com> wrote:
>>>
>>> > Does anyone know of a method of automating config backups for force10
>>> > switches running SFTOS ? I've got a python expect script that works on our
>>> > routers running FTOS, it uses a role account that can show the running
>>> > configs without having to use the enable password. i could expand the
>>> > script to use the enable password but i'm hesitant to have it lying around
>>> > in a script
>>> >
>>> > Jon Heise
>>> >
>>>
>>> --
>>> Jason
>>
>> --
>> ^[:wq^M
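
A sketch of the 'just permit show run' configuration discussed above for the shrubbery.net tac_plus server, added here as an illustration; it is not taken from the thread or from the tac_plus distribution. The account name `rancid`, the shared key and the password hash are placeholders, and it assumes the switch sends every command for TACACS+ authorization with the keyword expanded to `running-config`.

```conf
# tac_plus.conf for the shrubbery.net server: constructed example.
# Shared secret between the switches and this server (placeholder).
key = "REPLACE_WITH_SHARED_SECRET"

# Role account used only by the backup script (the name is an assumption).
user = rancid {
    # DES crypt hash, for instance generated with tac_pwd (placeholder).
    login = des "REPLACE_WITH_CRYPT_HASH"

    # Start the exec session at the privilege level 'show running-config'
    # needs, so the script never has to hold the enable password.
    # Whether SFTOS honours priv-lvl this way is an assumption.
    service = exec {
        priv-lvl = 15
    }

    # Per-command authorization: each regex is matched against the
    # arguments that follow the command name, in order, first match wins.
    cmd = show {
        permit ^running-config
        deny .*
    }

    # Anything else the script sends (paging control, exit, ...) needs
    # its own equally narrow cmd block.
    #
    # No "default service = permit" here: tac_plus denies whatever is
    # not explicitly authorized, so configuration commands are refused
    # even though the session runs at a high privilege level.
    # Weak variant to avoid for a script account:
    #   default service = permit
}
```

Verify the result from the switch by logging in as the script account and confirming that a command other than `show running-config` is rejected and that the rejection shows up in the tac_plus accounting or log output.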