I have an example of how to do that with do_auth on taca.... ah #*@&.
Never mind.
password. I wonder if Pam can authenticate Tacacs? If your org is so bass
authenticate Pam set to query the other tacacs server. (I also work Gov)
Post by heasley
Post by Alan McKinnon
Have the tacacs admins create a single tacacs user "rancid" with very
restricted permissions. You can look in the various *rancid scripts for
@commandtable which lists the exact commands used - permit those and
deny everything else. Enter the creds for this rancid user in
~rancid/.cloginrc
% rancid -t cisco -C foo
clogin -t 90 -c 'show version;show redundancy secondary;show idprom
backplane;show install active;show env all;show rsp chassis-info;show gsr
chassis;show diag chassis-info;show boot;show bootvar;show variables
boot;show flash;dir /all nvram:;dir /all bootflash:;dir /all slot0:;dir
/all disk0:;dir /all slot1:;dir /all disk1:;dir /all slot2:;dir /all
disk2:;dir /all harddisk:;dir /all harddiska:;dir /all harddiskb:;dir /all
sup-bootdisk:;dir /all sup-bootflash:;dir /all sup-microcode:;dir /all
slavenvram:;dir /all slavebootflash:;dir /all slaveslot0:;dir /all
slavedisk0:;dir /all slaveslot1:;dir /all slavedisk1:;dir /all
slaveslot2:;dir /all slavedisk2:;dir /all slavesup-bootflash:;dir /all
sec-nvram:;dir /all sec-bootflash:;dir /all sec-slot0:;dir /all
sec-disk0:;dir /all sec-slot1:;dir /all sec-disk1:;dir /all sec-slot2:;dir
/all sec-disk2:;show controllers;show controllers cbus;show diagbus;show
diag;show capture;show module;show spe version;show c7200;show inventory
raw;show vtp
status;show vlan;show vlan-switch;show switch detail;show sdm prefer;show
system mtu;show debug;show shun;more system:running-config;show
running-config view full;show running-config;write term' foo
% fnrancid -C foo
fnlogin -t 90 -c'get system status;show full-configuration' foo
also see etc/rancid.types.base
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
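
Added example (not part of the original posts and not rancid's own code): a Python sketch that takes the clogin/fnlogin line printed by `rancid -C`, as shown in the thread, and turns its -c argument into a default-deny, exact-match command allowlist for the restricted "rancid" user. The sample line is a constructed, shortened one and the function names are hypothetical; mapping the table to a TACACS server's authorization syntax is left out because the thread does not name a server.

```python
import shlex

# Constructed sample: a shortened, e-mail-wrapped version of the line that
# `rancid -t cisco -C foo` prints in the thread above.
SAMPLE = """clogin -t 90 -c 'show version;show boot;dir
/all nvram:;more system:running-config;show running-config;write term' foo"""


def commands_from_login_line(line):
    """Return the device commands carried in the -c argument (hypothetical helper)."""
    # Collapse wrap-induced newlines, then split as a shell would.
    argv = shlex.split(" ".join(line.split()))
    for i, arg in enumerate(argv):
        if arg == "-c" and i + 1 < len(argv):      # clogin style: -c '...'
            joined = argv[i + 1]
            break
        if arg.startswith("-c") and len(arg) > 2:  # fnlogin style: -c'...'
            joined = arg[2:]
            break
    else:
        raise ValueError("no -c argument found")
    return [c.strip() for c in joined.split(";") if c.strip()]


def build_allowlist(commands):
    """Group commands by first keyword: {"show": ["version", ...], ...}."""
    table = {}
    for cmd in commands:
        verb, _, args = cmd.partition(" ")
        if args not in table.setdefault(verb, []):
            table[verb].append(args)
    return table


def is_permitted(table, command):
    """Exact-match, default-deny check: anything not listed is refused."""
    verb, _, args = " ".join(command.split()).partition(" ")
    return args in table.get(verb, [])


if __name__ == "__main__":
    allow = build_allowlist(commands_from_login_line(SAMPLE))
    for verb, arg_list in allow.items():
        print(verb, "->", arg_list)
    for probe in ("show running-config", "write erase", "configure terminal"):
        print(probe, "=>", "permit" if is_permitted(allow, probe) else "deny")
```

Feed it the full, unwrapped output of `rancid -C` for each device type in use; a line break that lands in the middle of a word will produce a wrong entry.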