
NETCONF ACL to limit access to password hash

Open troglobit opened this issue 1 year ago • 0 comments

Example: Custom DENY Rule

Deny reading password hash for non-administrators. (Untested)

// NACM (RFC 8341) rule set sketch: permit members of the "admin" group to read
// the ietf-system password leaf and deny that read to every other group.
// The issue marks this as untested; validate it on a device before relying on it.
// NOTE(review): the rules only apply while NACM enforcement is switched on
// (enable-nacm), and RFC 8341 lets a recovery session bypass them entirely.
// Confirm how the target system handles both.
nacm {
  groups {
    group admin {
      name "admin";
      user-name [ "admin1", "admin2" ];  // Placeholder names; list the real administrator accounts
    }
  }

  // Keep this list ahead of the wildcard list below: NACM walks rule-lists in
  // configured order and the first matching rule decides the outcome.
  rule-list admin-rule-list {
    group "admin";  // Applies only to members of the admin group defined above
    rule allow-admin-password-read {
      module-name "ietf-system";
      path "/sys:system/sys:authentication/sys:user/sys:password";
      access-operations "read";  // Grants read only; create/update/delete are not covered by this rule
      action permit;  // Actions can be 'permit' or 'deny'
    }
  }

  // Despite its name, this list denies one thing only: read access to the
  // password leaf. Everything else is left to other rules and the NACM
  // read-default / write-default / exec-default settings.
  rule-list default-deny-all {
    group "*";  // Wildcard: matches any NACM group
    // NOTE(review): per RFC 8341 a user who is in no group at all appears to skip
    // rule-lists and fall through to read-default (permit unless changed), so
    // this deny may not reach such users. Verify, and consider placing every
    // account in a group or tightening read-default.
    rule deny-password-read {
      module-name "ietf-system";
      path "/sys:system/sys:authentication/sys:user/sys:password";
      access-operations "read";  // Only read is denied here
      action deny;  // Reached by admins only if the permit rule above did not match first
    }
  }
}

troglobit avatar Jul 02 '24 10:07 troglobit