Versions Compared

Old Version 1

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user IT Stonebranch

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Macro name changed from html to html-bobswift during server to cloud migration processing.

...

Anchor
1066831
1066831
The following set of rules permit services for the subnet 10.20.30 and denies all other connections unless an X.509 certificate is presented that maps to certificate ID operations.

Panel

Html bobswift

<pre>
uctl_access     10.20.30.,*,*,allow,auth
uctl_access     ALL,*,*,deny,auth

uctl_cert_access  operations,*,allow,auth
uctl_cert_access  *,*,deny,auth
</pre>


Anchor
1066838
1066838
When no certificate is presented that maps to a certificate ID, the following set of rules effectively permit connections from any host, but has limited access from host 10.20.30.40 to user TS1004 on that host.

...

  • Certificate ID joe is allowed to execute commands with any other local user ID with a password.
  • Certificate ID operations cannot run anything.
  • All other certificate IDs can execute commands with any user ID except for SUPERID with a password.
Panel

Html bobswift

<pre>
uctl_access     10.20.30.40,TS1004,tsup1004,allow,noauth
uctl_access     10.20.30.40,TS1004,*,allow,auth
uctl_access     10.20.30.40,*,*,deny,auth
uctl_access     ALL,*,root,deny,auth

uctl_cert_access   joe,tsup1004,allow,noauth
uctl_cert_access   joe,*,allow,auth
uctl_cert_access   operations,*,deny,auth
uctl_cert_access   *,root,deny,auth
</pre>

Anchor
1078648
1078648
Components

...