Filter
Top Products
Alteon OS Application Guide
Chapter 1: Accessing the Switch
5142C4911, January 2007
The following rules apply to TACACS+ command authorization and logging:
Only commands from a Console, Telnet, or SSH connection are sent for authorization and
logging. SNMP, BBI, or file-copy commands (for example, TFTP or sync) are not sent.
Only leaf-level commands are sent for authorization and logging. For example, /cfg is
not sent, but /cfg/l3/tacacs/cauth is sent.
The full path of each command is sent for authorization and logging. For example,
/cfg/sys/tacacs/cauth
Command arguments are not sent for authorization. For /cauth ena, only /cauth is
authorized. The command and its first argument are logged, if issued on the same line.
Only executed commands are logged.
Invalid commands are checked by Alteon OS, and are not sent for authorization or log-
ging.
Authorization is performed on each leaf-level command separately. If the user issues mul-
tiple commands at once, each command is sent separately as a full path.
Only the following global commands are sent for authorization and logging:
apply
diff
ping
revert
save
telnet
traceroute
TACACS+ Password Change
Alteon OS supports TACACS+ password change. When enabled, users can change
their passwords after successful TACACS+ authorization. Use the command
/cfg/sys/tacacs/passch to enable or disable this feature.
Use the following commands to change the password for the primary and secondary
TACACS+ servers:
>> # /cfg/sys/tacacs/chpass_p (Change primary TACACS+ password)
>> # /cfg/sys/tacacs/chpass_s (Change secondary TACACS+ password)