Merge pull request #2256 from zdc/T5577-circinus

T5577: Optimized PAM configs for RADIUS/TACACS+
author: Christian Breunig <christian@breunig.cc> 2023-09-29 07:26:31 +0200
committer: GitHub <noreply@github.com> 2023-09-29 07:26:31 +0200
commit: 400df973d3518e9f18cb84b52ca89e08a399e461 (patch)
tree: 9b9e06d73009065ecbac1d5a4da2cb94018d7e53 /interface-definitions
parent: fed59f9bddead060275f368de69e4e4470015ca9 (diff)
parent: 784fb7dc2ccc63789ed85d803e3ae41eef0e0253 (diff)
download: vyos-1x-400df973d3518e9f18cb84b52ca89e08a399e461.tar.gz
vyos-1x-400df973d3518e9f18cb84b52ca89e08a399e461.zip
2 files changed, 40 insertions, 0 deletions
diff --git a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i
index efd418bb2..a0cdcd7c3 100644
--- a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i
+++ b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i
@@ -46,6 +46,26 @@
         <multi/>
       </properties>
     </leafNode>
+    <leafNode name="security-mode">
+      <properties>
+        <help>Security mode for RADIUS authentication</help>
+        <completionHelp>
+          <list>mandatory optional</list>
+        </completionHelp>
+        <valueHelp>
+          <format>mandatory</format>
+          <description>Deny access immediately if RADIUS answers with Access-Reject</description>
+        </valueHelp>
+        <valueHelp>
+          <format>optional</format>
+          <description>Pass to the next authentication method if RADIUS answers with Access-Reject</description>
+        </valueHelp>
+        <constraint>
+          <regex>(mandatory|optional)</regex>
+        </constraint>
+      </properties>
+      <defaultValue>optional</defaultValue>
+    </leafNode>
   </children>
 </node>
 <!-- include end -->
diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system-login.xml.in
index 71db8b1d6..30fea91b0 100644
--- a/interface-definitions/system-login.xml.in
+++ b/interface-definitions/system-login.xml.in
@@ -259,6 +259,26 @@
                   </constraint>
                 </properties>
               </leafNode>
+              <leafNode name="security-mode">
+                <properties>
+                  <help>Security mode for TACACS+ authentication</help>
+                  <completionHelp>
+                    <list>mandatory optional</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>mandatory</format>
+                    <description>Deny access immediately if TACACS+ answers with REJECT</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>optional</format>
+                    <description>Pass to the next authentication method if TACACS+ answers with REJECT</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(mandatory|optional)</regex>
+                  </constraint>
+                </properties>
+                <defaultValue>optional</defaultValue>
+              </leafNode>
               #include <include/radius-timeout.xml.i>
               #include <include/interface/vrf.xml.i>
             </children>
author	Christian Breunig <christian@breunig.cc>	2023-09-29 07:26:31 +0200
committer	GitHub <noreply@github.com>	2023-09-29 07:26:31 +0200
commit	400df973d3518e9f18cb84b52ca89e08a399e461 (patch)
tree	9b9e06d73009065ecbac1d5a4da2cb94018d7e53 /interface-definitions
parent	fed59f9bddead060275f368de69e4e4470015ca9 (diff)
parent	784fb7dc2ccc63789ed85d803e3ae41eef0e0253 (diff)
download	vyos-1x-400df973d3518e9f18cb84b52ca89e08a399e461.tar.gz vyos-1x-400df973d3518e9f18cb84b52ca89e08a399e461.zip