diff options
Diffstat (limited to 'net/tac_plus4/files/tac_plus.conf.example')
| -rw-r--r-- | net/tac_plus4/files/tac_plus.conf.example | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/net/tac_plus4/files/tac_plus.conf.example b/net/tac_plus4/files/tac_plus.conf.example new file mode 100644 index 0000000..0d7b273 --- /dev/null +++ b/net/tac_plus4/files/tac_plus.conf.example @@ -0,0 +1,76 @@ +# /usr/local/etc/tac_plus.conf + +user=fred { + name = "Fred Flintstone" + login = des mEX027bHtzTlQ + + # Remember that authorization is also recursive over groups, in + # the same way that password lookups are recursive. Thus, if you + # place a user in a group, the daemon will look in the group for + # authorization parameters if it cannot find them in the user + # declaration. + member = admin + + expires = "May 23 2005" + + service = exec { + # When Fred starts an exec, his connection access list is 5 + acl = 5 + + # We require this autocmd to be done at startup + autocmd = "telnet foo" + } + + # All commands except telnet 131.108.13.* are denied for Fred + cmd = telnet { + # Fred can run the following telnet command + permit 131\.108\.13\.[0-9]+ + + deny .* + } + + service = ppp protocol = ip { + # Fred can run ip over ppp only if he uses one + # of the following mandatory addresses If he supplies no + # address, the first one here will be mandated + addr=131.108.12.11 + addr=131.108.12.12 + addr=131.108.12.13 + addr=131.108.12.14 + + # Fred's mandatory input access list number is 101 + inacl=101 + + # We will suggest an output access list of 102, but Fred may + # choose to ignore or override it + optional outacl=102 + } + + service = slip { + # Fred can run slip. When he does, he will have to use + # these mandatory access lists + inacl=101 + outacl=102 + } + + # set a timeout in the lcp layer of ppp + service = ppp protocol = lcp { + timeout = 10 + } +} + +user = wilma { + # Wilma has no password of her own, but she's a group member so + # she'll use the group password if there is one. Same for her + # password expiry date + member = admin +} + +group = admin { + # group members who don't have their own password will be looked + # up in /etc/passwd + login = file /etc/passwd + + # group members who have no expiry date set will use this one + expires = "Jan 1 1998" +} |
