Versions Compared

Old Version 1

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user IT Stonebranch

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Macro name changed from html to html-bobswift during server to cloud migration processing.

...

Anchor
1067306
1067306
The following set of rules permit services for the subnet 10.20.30 and denies all other connections unless an X.509 certificate is presented that maps to certificate ID operations.

Panel

Html bobswift

<pre>
ucmd_access     10.20.30.,*,*,allow,auth
ucmd_access     ALL,*,*,deny,auth

ucmd_cert_access  operations,*,allow,auth
ucmd_cert_access  *,*,deny,auth
</pre>


Anchor
1067311
1067311
When no certificate is presented that maps to a certificate ID, the following set of rules effectively permit connections from any host but has limited access from host 10.20.30.40 to user TS1004 on that host.

...

  • Certificate ID joe is allowed to execute commands with any other local user ID with a password.
  • Certificate ID operations cannot run anything.
  • All other certificate IDs can execute commands with any user ID except for root with a password.
Panel

Html bobswift

<pre>
ucmd_access     10.20.30.40,TS1004,tsup1004,allow,noauth
ucmd_access     10.20.30.40,TS1004,*,allow,auth
ucmd_access     10.20.30.40,*,*,deny,auth
ucmd_access     ALL,*,root,deny,auth

ucmd_cert_access   joe,tsup1004,allow,noauth
ucmd_cert_access   joe,*,allow,auth
ucmd_cert_access   operations,*,deny,auth
ucmd_cert_access   *,root,deny,auth
</pre>

Anchor
1078847
1078847
Components

...