[TACACS+]: Add configuration support for TACACS+ #125
* Add config and show commands for TACACS+
* Add hostcfgd to listen configDB for TACACS+ and AAA, modify the pam configuration for Authentication in host.
Signed-off-by: chenchen.qcc@alibaba-inc.com

* Add help comments for TACACS+ command
* Use 'default' command to recover TACACS+ configuration
Signed-off-by: chenchen.qcc@alibaba-inc.com

* The method set_entry in class ConfigDBConnector has changed to update all column key-value tuples. Modify the config command to adapt to this API change.
Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
Move hostcfgd to sonic-buildimage [TACACS+]: Add configDB enforcer for TACACS+ #1214

can you resolve the conflict? also can you list all command list provided in your commit message.

@jleveque to review.

* Command list
    config aaa authentication login [{tacacs+, local} | default]
    config aaa authentication failthrough [enable | disable | default]
    config tacacs passkey <TEXT>
    config tacacs authtype [pap | chap | mschap]
    config tacacs timeout <0-60>
    config tacacs add <ip_address> --port <1–65535> --timeout <1–60> --key <TEXT> --type [pap | chap | mschap] --pri <1-64>
    config tacacs delete <ip_address>
    show aaa
    show tacacs
Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
bf2c6f3 to 4aafaa2
@lguohan The conflict has been resolved. The command list is amended to the last commit message.
config/aaa.py
Outdated
return True | ||
|
||
|
||
def set_entry(table, entry, data): |
the semantic of set_entry is changed in this sonic-net/sonic-py-swsssdk@b7861cc.
if you still want to use the existing semantic, you can use mod_entry added in this sonic-net/sonic-py-swsssdk#25
Cool, it's better to use mod_entry.
* Replace set_entry with mod_entry when modifying the specific key-value pair in configdb.
Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
@click.command() | ||
@click.argument('option', type=click.Choice(["enable", "disable", "default"])) | ||
def failthrough(option): | ||
"""Allow AAA fail-through [enable | disable | default]""" |
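Review bot: the help string on `failthrough` lists `default` beside `enable` and `disable` but does not say which of the two `default` resolves to. Name the effective value in the docstring, so that picking `default` is not a guess about how authentication failures are handled.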
what is the default value here? enable/disable?
gulv@str-s6000-on-4:~$ show aaa
AAA authentication login tacacs+,local
when it is set to default, what is the actual value? enable or disable? same question for failthrough
The default value means there is no value for this configuration in configdb. For AAA authentication, the default is local authentication. For AAA fail-through, the default is enable.
I will add all the default values in the show command.
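The two points raised in this review (whole-row `set_entry` versus merging `mod_entry`, and settings that fall back to a default when absent from configdb) interact, as this added example shows; it is not code from the PR or from sonic-py-swsssdk. `FakeConfigDB` is a hypothetical in-memory stand-in, and the field names and stored values for `login` and `failthrough` are assumptions.

```python
# Added illustration. FakeConfigDB is a hypothetical stand-in, not the real
# ConfigDBConnector; field names and stored values below are assumed.

# Defaults as stated in the thread: local login, fail-through enabled.
AAA_DEFAULTS = {"login": "local", "failthrough": "enable"}


class FakeConfigDB:
    """Models the two write semantics discussed in the review."""

    def __init__(self):
        self.tables = {}

    def get_entry(self, table, key):
        return dict(self.tables.get(table, {}).get(key, {}))

    def set_entry(self, table, key, data):
        # Changed semantics: the row becomes exactly `data`;
        # fields that are not passed in are dropped.
        self.tables.setdefault(table, {})[key] = dict(data)

    def mod_entry(self, table, key, data):
        # Earlier semantics: only the given fields change.
        self.tables.setdefault(table, {}).setdefault(key, {}).update(data)


def effective_aaa(db):
    """Value in force for every known setting, default filled in if unset."""
    row = db.get_entry("AAA", "authentication")
    return {name: row.get(name, default)
            for name, default in AAA_DEFAULTS.items()}


def demo():
    """Change only the login order, once with each write call."""
    results = {}
    for method in ("set_entry", "mod_entry"):
        db = FakeConfigDB()
        # Constructed starting state: fail-through explicitly disabled.
        db.set_entry("AAA", "authentication",
                     {"login": "tacacs+,local", "failthrough": "disable"})
        getattr(db, method)("AAA", "authentication", {"login": "tacacs+"})
        results[method] = effective_aaa(db)
    return results


if __name__ == "__main__":
    for method, state in demo().items():
        print(method, state)
```

With `set_entry`, the partial write drops the stored `failthrough` field, so the setting silently reverts to its default; a `show` command that prints only stored keys would not reveal the change.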
show/main.py
Outdated
entry = data[row] | ||
for key in entry: | ||
output += ('AAA %s %s %s\n' % (row, key, str(entry[key]))) | ||
|
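Review bot: the `for key in entry:` loop prints only the keys that are stored in the row, so a setting with no stored value produces no line and the output cannot show what is in effect for it. Iterate over the known settings instead and print the effective value when the key is absent from `entry`.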
can we print out the default values for fallback and fallthrough?
OK, I'll change it.
Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
Without this change, leds were only set when an event happened. Given that power supplies are assumed present by default, leds would never be set to `green`. Instead they would have been left in the state the platform initialization left them (e.g `off`)
[SONIC_SFP] adding support for writing the eeprom address space inside sfputilbase.