I think he meant the difference in the changes is negligible (like 3 set statements). Either solution you deploy (both set scripts) you'll still have to deploy to hundreds of routers. Look into Shrubbery's RANCID for a super-fast way to do that.
-Ben -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stefan Fouant Sent: Tuesday, July 22, 2008 12:11 AM To: Stacy W. Smith Cc: Juniper-Nsp Subject: Re: [j-nsp] Enforcing CLI Idle-Timeouts Not too cumbersome... unless of course you're talking about deploying it on hundreds of routers! Luckily for me I only have to do this on 8 :) On Tue, Jul 22, 2008 at 12:07 AM, Stacy W. Smith <[EMAIL PROTECTED]> wrote: > Defining a custom class with your specified idle-timeout and > "permissions all" doesn't seem too cumbersome. That would be > equivalent to the pre-defined super-user class, and I think it's your best bet. > > --Stacy > > On Jul 21, 2008, at 8:51 PM, Stefan Fouant wrote: > >> I hope the only other option isn't going to mean that I have to >> configure a custom login class and assign the various CLI permissions. >> That would be a real PITA. I wish there were some way to pass this >> information off from our TACACS+ server but alas it seems that the >> junos_exec service class has very limited command shell >> authorizations >> >> Hopefully someone on-list has found a solution.... >> >> >> >> On 7/21/08, Christian Koch <[EMAIL PROTECTED]> wrote: >>> >>> i tried this a while back and came across the same issue, i've yet >>> to be able to find a 'hack' since.. >>> >>> christian >>> >>> >>> >>> On Mon, Jul 21, 2008 at 4:56 PM, Stefan Fouant <[EMAIL PROTECTED]> wrote: >>> >>>> Hey Folks, >>>> >>>> Wondering if anyone knows how to enforce CLI Idle-Timeouts on >>>> Juniper using default login classes such as Super-User. I see that >>>> there is a command 'idle-timeout' which can be configured under a >>>> login class, but I want to modify the default class 'super-user' >>>> which has a default of idle-timeout 0/disabled. It does not appear >>>> that I can modify the default login classes. >>>> >>>> Anyone here ever attempt anything similar? >>>> >>>> -- >>>> Stefan Fouant >>>> Principal Network Engineer >>>> NeuStar, Inc. - http://www.neustar.biz GPG Key ID: 0xB5E3803D >>>> _______________________________________________ >>>> juniper-nsp mailing list juniper-nsp@puck.nether.net >>>> https://puck.nether.net/mailman/listinfo/juniper-nsp >>>> >>> >> >> -- >> Sent from Gmail for mobile | mobile.google.com >> >> Stefan Fouant >> Principal Network Engineer >> NeuStar, Inc. - http://www.neustar.biz GPG Key ID: 0xB5E3803D >> _______________________________________________ >> juniper-nsp mailing list juniper-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/juniper-nsp > > -- Stefan Fouant Principal Network Engineer NeuStar, Inc. - http://www.neustar.biz GPG Key ID: 0xB5E3803D _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp *************************************************************************************** The information contained in this message, including attachments, may contain privileged or confidential information that is intended to be delivered only to the person identified above. If you are not the intended recipient, or the person responsible for delivering this message to the intended recipient, Windstream requests that you immediately notify the sender and asks that you do not read the message or its attachments, and that you delete them without copying or sending them to anyone else. _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
