Merge pull request #2512 from zdc/T5577-sagitta

PAM: T5577: Backported PAM settings from circinus

1 files changed, 20 insertions, 0 deletions

diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system-login.xml.in
index a0eda9045..be0145b4f 100644
--- a/interface-definitions/system-login.xml.in
+++ b/interface-definitions/system-login.xml.in
@@ -244,6 +244,26 @@
                   </leafNode>
                 </children>
               </tagNode>
+              <leafNode name="security-mode">
+                <properties>
+                  <help>Security mode for TACACS+ authentication</help>
+                  <completionHelp>
+                    <list>mandatory optional</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>mandatory</format>
+                    <description>Deny access immediately if TACACS+ answers with REJECT</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>optional</format>
+                    <description>Pass to the next authentication method if TACACS+ answers with REJECT</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(mandatory|optional)</regex>
+                  </constraint>
+                </properties>
+                <defaultValue>optional</defaultValue>
+              </leafNode>
               #include <include/source-address-ipv4.xml.i>
               #include <include/radius-timeout.xml.i>
               #include <include/interface/vrf.xml.i>