aboutsummaryrefslogtreecommitdiff
path: root/net/tac_plus4/files/tac_plus.conf.example
blob: 0d7b273210a650db120213c8b7e070118c31e48d (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
# /usr/local/etc/tac_plus.conf

user=fred {
    name = "Fred Flintstone"
    login = des mEX027bHtzTlQ

    # Remember that authorization is also recursive over groups, in
    # the same way that password lookups are recursive. Thus, if you
    # place a user in a group, the daemon will look in the group for
    # authorization parameters if it cannot find them in the user
    # declaration.
    member = admin

    expires = "May 23 2005"
 
    service = exec {
        # When Fred starts an exec, his connection access list is 5
        acl = 5
 
        # We require this autocmd to be done at startup
        autocmd = "telnet foo"
    }
 
    # All commands except telnet 131.108.13.* are denied for Fred
    cmd = telnet {
        # Fred can run the following telnet command
        permit 131\.108\.13\.[0-9]+

        deny .*
    }
 
    service = ppp protocol = ip {
        # Fred can run ip over ppp only if he uses one 
        # of the following mandatory addresses If he supplies no
        # address, the first one here will be mandated
        addr=131.108.12.11
        addr=131.108.12.12
        addr=131.108.12.13
        addr=131.108.12.14
 
        # Fred's mandatory input access list number is 101
        inacl=101
 
        # We will suggest an output access list of 102, but Fred may
        # choose to ignore or override it
        optional outacl=102
    }

    service = slip {
        # Fred can run slip. When he does, he will have to use
        # these mandatory access lists
        inacl=101
        outacl=102
    }
 
    # set a timeout in the lcp layer of ppp
    service = ppp protocol = lcp {
        timeout = 10
    }
}

user = wilma {
    # Wilma has no password of her own, but she's a group member so
    # she'll use the group password if there is one. Same for her
    # password expiry date
    member = admin
}
 
group = admin {
    # group members who don't have their own password will be looked
    # up in /etc/passwd
    login = file /etc/passwd
 
    # group members who have no expiry date set will use this one
    expires = "Jan 1 1998"
}