21a37f2216
Taken from tasic@planka.carrier.kiev.ua + some modifications by me (style, patch additions to compile cleanly, pkg/*) added convert utility to port/package to enable people to do migrations, if needed, see the docu for details. PR: 13716 Submitted by: tasic@planka.carrier.kiev.ua
80 lines
2.2 KiB
Text
80 lines
2.2 KiB
Text
# /usr/local/etc/tac_plus.conf
|
|
|
|
# This is example from old version of tac_plus. It will work
|
|
# but config file have new features. I recomend to read
|
|
# /usr/local/share/doc/tac_plus/users_guide
|
|
|
|
user=fred {
|
|
name = "Fred Flintstone"
|
|
login = des mEX027bHtzTlQ
|
|
|
|
# Remember that authorization is also recursive over groups, in
|
|
# the same way that password lookups are recursive. Thus, if you
|
|
# place a user in a group, the daemon will look in the group for
|
|
# authorization parameters if it cannot find them in the user
|
|
# declaration.
|
|
member = admin
|
|
|
|
expires = "May 23 2005"
|
|
|
|
service = exec {
|
|
# When Fred starts an exec, his connection access list is 5
|
|
acl = 5
|
|
|
|
# We require this autocmd to be done at startup
|
|
autocmd = "telnet foo"
|
|
}
|
|
|
|
# All commands except telnet 131.108.13.* are denied for Fred
|
|
cmd = telnet {
|
|
# Fred can run the following telnet command
|
|
permit 131\.108\.13\.[0-9]+
|
|
|
|
deny .*
|
|
}
|
|
|
|
service = ppp protocol = ip {
|
|
# Fred can run ip over ppp only if he uses one
|
|
# of the following mandatory addresses If he supplies no
|
|
# address, the first one here will be mandated
|
|
addr=131.108.12.11
|
|
addr=131.108.12.12
|
|
addr=131.108.12.13
|
|
addr=131.108.12.14
|
|
|
|
# Fred's mandatory input access list number is 101
|
|
inacl=101
|
|
|
|
# We will suggest an output access list of 102, but Fred may
|
|
# choose to ignore or override it
|
|
optional outacl=102
|
|
}
|
|
|
|
service = slip {
|
|
# Fred can run slip. When he does, he will have to use
|
|
# these mandatory access lists
|
|
inacl=101
|
|
outacl=102
|
|
}
|
|
|
|
# set a timeout in the lcp layer of ppp
|
|
service = ppp protocol = lcp {
|
|
timeout = 10
|
|
}
|
|
}
|
|
|
|
user = wilma {
|
|
# Wilma has no password of her own, but she's a group member so
|
|
# she'll use the group password if there is one. Same for her
|
|
# password expiry date
|
|
member = admin
|
|
}
|
|
|
|
group = admin {
|
|
# group members who don't have their own password will be looked
|
|
# up in /etc/passwd
|
|
login = file /etc/passwd
|
|
|
|
# group members who have no expiry date set will use this one
|
|
expires = "Jan 1 1998"
|
|
}
|