...
...
Universal Command Server for UNIX| Anchor |
|---|
| 106730610676061067306 |
|---|
| 1067606 |
|---|
|
The following set of rules permit services for the subnet 10.20.30 and denies all other connections unless an X.509 certificate is presented that maps to certificate ID operations.
| Panel |
|---|
ucmd_access 10.20.30.,*,*,allow,auth
ucmd_access ALL,*,*,deny,auth
ucmd_cert_access operations,*,allow,auth
ucmd_cert_access *,*,deny,auth |
| Anchor |
|---|
| 106731110676111067311 |
|---|
| 1067611 |
|---|
|
When no certificate is presented that maps to a certificate ID, the following set of rules effectively permit connections from any host but has limited access from host 10.20.30.40 to user TS1004 on that host.
- No host can execute commands as local user root.
- User TS1004 on host 10.20.30.40 can execute commands as local user tsup1004 without providing the password.
- Users TS1004 from host 10.20.30.40 can execute commands as any local user by providing the local user password.
| Anchor |
|---|
| 106731210676121067312 |
|---|
| 1067612 |
|---|
|
When a certificate is presented that maps to a certificate ID, certificate ID joe can request local user ID tsup1004 without a password.
...
Components
Universal Command Server for UNIX
