cisco.asa
cisco.asa copied to clipboard
Support for login method of privilege escalation
SUMMARY
Provide a parameter that will enable use of the "login" feature of ASA for privilege escalation.
ISSUE TYPE
- Feature Idea
COMPONENT NAME
Applicable to all modules where privilege escalation is used
ADDITIONAL INFORMATION
The "become_method" for ASA seems to be limited to "enable". If a certain aaa command is not configured, this requires a different password than the user who logged in initially, and does not retain the user when escalating privilege. Adding a "login" method would require just one more prompt interaction. Instead of:
some-cisco-asa-fw> enable
Password: *********
some-cisco-asa-fw#
It would be:
some-cisco-asa-fw> login
Username: auser
Password: *********
some-cisco-asa-fw#
With the username and password being the original ansible_user and the password being the original ansible_ssh_pass, and no need for an ansible_become_pass
- name: run some asa commands
cisco.asa.asa_command:
commands:
- show run aaa
cisco_login: true