Wed, Nov 21, 2018 at 01:14:28PM -0800, Dan Mahoney (Gushi): > I'd like to create a "rancid" user for my (cisco, primarily IOS classic) > devices which has full privileges to do things like "show run", but that > has no ability to change the configs. > > I know this is possible to do as part of Tacplus, but as I only have three > or four devices, spinning up tacplus seems more complicated than need be. > (This is why I mentioned ssh, just in case -- all my users have local > privilege levels in the config). > > I'm sure this has been asked before, but my google-fu is failing me here. > > Bonus points if you know this for things like IOS-XR/XE or Junos.
in classic or xe, afaik, the only way is tacacs command authorization. they require level 15 to read the config - so.... though newer xe appears to have xr-like roles. for nx or xr, tacacs author or i _think_ its possible to create roles or askgroups (depending which you're smoking) particular to the perms that you want. that should be enough to seed your google foo. _______________________________________________ Rancid-discuss mailing list [email protected] http://www.shrubbery.net/mailman/listinfo/rancid-discuss
