On Wed, Nov 23, 2011 at 8:36 PM, James Harr <james.harr@gmail.com> wrote:
Second rancid.
+3
If SFTOS supports per-command authorization (via RADIUS/TACACS), you can
it does
limit the script account to only be able to use 'show run' and whatever else it needs (even when it logs in).
you can
That said, if you're looking for on-the-cheap, I haven't seen a free TACACS+ server that does authorization and was stable, so you'll probably have to compromise and give your script more permissions than it needs just to get the job done.
the cisco tacplus src server is a basic example... shrubbery.net's tacplus server is quite workable (and heasley keeps the code working/clean/adding-features) a simple config for 'just permit show run' is certainly possible with the shrubbery.net server... if you want example config pipe up. -chris
On Tue, Nov 22, 2011 at 1:40 PM, Jason Biel <jason@biel-tech.com> wrote:
Deploy RANCID?
On Tue, Nov 22, 2011 at 1:35 PM, Jon Heise <jon@smugmug.com> wrote:
Does anyone know of a method of automating config backups for force10 switches running SFTOS ? I've got an python expect script that works on our routers running FTOS, it uses a role account that can show the running configs without having to use the enable password. i could expand the script to use the enable password but i'm hesitant to have it lying around in a script
Jon Heise
-- Jason
-- ^[:wq^M