Alan DeKok wrote:
Is there a way to force only group router-ro and router-rw can login?Switch the entries around: DEFAULT Group == router-ro Fall-Through = Yes, cisco-avpair := "shell:priv-lvl=7" DEFAULT Group == router-rw Fall-Through = Yes, cisco-avpair := "shell:priv-lvl=15" DEFAULT Auth-Type = System Service-Type = NAS-Prompt-User
This won't work, as Auth-Type = System will act as the clean-up default. All other Unix users will be able to login, except they have privilege = 1. I read through users(5) few times, not sure if there's a way that I can avoid this. Can you give more hints?
Norman