...
The following set of rules permit services for the subnet 10.20.30 and denies all other connections unless an X.509 certificate is presented that maps to certificate ID operations.
Panel |
---|
Html bobswift |
---|
<pre>
ucmd_access 10.20.30.,*,*,allow,auth
ucmd_access ALL,*,*,deny,auth
ucmd_cert_access operations,*,allow,auth
ucmd_cert_access *,*,deny,auth
</pre>
|
|
When no certificate is presented that maps to a certificate ID, the following set of rules effectively permit connections from any host but has limited access from host 10.20.30.40 to user TS1004 on that host.
...
- Certificate ID joe is allowed to execute commands with any other local user ID with a password.
- Certificate ID operations cannot run anything.
- All other certificate IDs can execute commands with any user ID except for root with a password.
Panel |
---|
Html bobswift |
---|
<pre>
ucmd_access 10.20.30.40,TS1004,tsup1004,allow,noauth
ucmd_access 10.20.30.40,TS1004,*,allow,auth
ucmd_access 10.20.30.40,*,*,deny,auth
ucmd_access ALL,*,root,deny,auth
ucmd_cert_access joe,tsup1004,allow,noauth
ucmd_cert_access joe,*,allow,auth
ucmd_cert_access operations,*,deny,auth
ucmd_cert_access *,root,deny,auth
</pre>
|
|
Components
...