NETCONF ACL to limit access to password hash #499
Assignees
Labels
triage
Pending investigation & classification (CCB)
Comments
mattiaswal
added a commit
that referenced
this issue
Oct 1, 2024
mattiaswal
added a commit
that referenced
this issue
Oct 1, 2024
mattiaswal
added a commit
that referenced
this issue
Oct 1, 2024
mattiaswal
added a commit
that referenced
this issue
Oct 2, 2024
mattiaswal
added a commit
that referenced
this issue
Oct 2, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Example: Custom DENY Rule
Deny reading password hash for non-administrators. (Untested)
nacm { groups { group admin { name "admin"; user-name [ "admin1", "admin2" ]; // Specify actual administrator usernames } } rule-list admin-rule-list { group "admin"; // Link to the admin group rule allow-admin-password-read { module-name "ietf-system"; path "/sys:system/sys:authentication/sys:user/sys:password"; access-operations "read"; // Specify operations you want to allow (read, write, etc.) action permit; // Actions can be 'permit' or 'deny' } } rule-list default-deny-all { group "*"; // Applies to all users rule deny-password-read { module-name "ietf-system"; path "/sys:system/sys:authentication/sys:user/sys:password"; access-operations "read"; // Specify operations you want to deny action deny; // Ensuring default deny all for password field } } }The text was updated successfully, but these errors were encountered: