...
...
Universal Control Server for UNIX
The following set of rules permits services for the subnet 10.20.30 and denies all other connections unless an X.509 certificate is presented that maps to certificate ID operations.
uctl_access 10.20.30.,*,*,allow,auth
uctl_access ALL,*,*,deny,auth
uctl_cert_access operations,*,allow,auth
uctl_cert_access *,*,deny,auth
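
To see which entry decides a given request, the rule set above can be modelled in Python. This is an added example, not the product's code; it assumes entries are evaluated top to bottom with the first match deciding, that uctl_cert_access entries are consulted only when a certificate maps to a certificate ID, and that a host pattern ending in a period is a prefix. The names `evaluate`, `Decision` and `_match` are hypothetical.

```python
from typing import NamedTuple, Optional

# The four rules from the page, verbatim.
RULES = """\
uctl_access 10.20.30.,*,*,allow,auth
uctl_access ALL,*,*,deny,auth
uctl_cert_access operations,*,allow,auth
uctl_cert_access *,*,deny,auth
"""

class Decision(NamedTuple):
    access: str  # "allow" or "deny"
    auth: str    # value of the rule's last field
    rule: str    # text of the rule that decided

def _match(pattern: str, value: str, host: bool = False) -> bool:
    # Assumed matching: "*" (or "ALL" for hosts) is a wildcard, a host
    # pattern ending in "." is a prefix, anything else must be equal.
    if pattern == "*" or (host and pattern == "ALL"):
        return True
    if host and pattern.endswith("."):
        return value.startswith(pattern)
    return pattern == value

def evaluate(rules: str, host: str, remote_user: str, local_user: str,
             cert_id: Optional[str] = None) -> Decision:
    """Return the first matching entry (first-match order is an assumption)."""
    for line in rules.splitlines():
        line = line.strip()
        if not line:
            continue
        keyword, spec = line.split(None, 1)
        fields = [f.strip() for f in spec.split(",")]
        if cert_id is not None and keyword == "uctl_cert_access":
            cid, luser, access, auth = fields
            hit = _match(cid, cert_id) and _match(luser, local_user)
        elif cert_id is None and keyword == "uctl_access":
            h, ruser, luser, access, auth = fields
            hit = (_match(h, host, host=True) and _match(ruser, remote_user)
                   and _match(luser, local_user))
        else:
            continue
        if hit:
            return Decision(access, auth, line)
    # This model denies when nothing matches; the product's own default
    # is not modelled because the rule set above ends in catch-all entries.
    return Decision("deny", "auth", "<no matching rule>")
```

The trailing period in `10.20.30.` is what keeps a host such as 10.20.300.1 (constructed) out of the allowed range under the prefix assumption.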
When no certificate is presented that maps to a certificate ID, the following set of rules effectively permits connections from any host, but limits access from host 10.20.30.40 to user TS1004 on that host.
- No host can execute commands as local user root.
- User TS1004 on host 10.20.30.40 can execute commands as local user tsup1004 without providing the password.
- User TS1004 from host 10.20.30.40 can execute commands as any local user by providing the local user password.
When a certificate is presented that maps to a certificate ID, certificate ID joe can request local user ID tsup1004 without a password.
...