Table of Contents
Advertisement
Chapter 7
Setting Up and Managing User Accounts
Configuring a PIX Command Authorization Set for a User
Step 1
Step 2
Step 3
78-13751-01, Version 3.0
Use this procedure to specify the PIX command authorization set parameters for
a user. There are four basic options:
•
None—No authorization for PIX commands
•
Group—For this user, the group-level PIX command authorization set
applies
•
Assign a PIX Command Authorization Set for any network device—One
PIX command authorization set is assigned, and it applies to all network
devices
Assign a PIX Command Authorization Set on a per Network Device
•
Group Basis—Particular PIX command authorization sets are to be effective
on particular NDGs
Before You Begin
Ensure that a AAA client has been configured to use TACACS+ as the
•
security control protocol.
In the Advanced Options section of Interface Configuration, ensure that the
•
Per-user TACACS+/RADIUS Attributes check box is selected.
In the TACACS+ (Cisco) section of Interface Configuration, ensure that the
•
PIX Shell (pixShell) option is selected in the User column.
Ensure that you have previously configured one or more PIX command
•
authorization sets. For detailed steps, see the
Configuration" section on page
To specify PIX command authorization set parameters for a user, follow these
steps:
Perform Steps 1 through 3 of the
page
7-5.
Result: The User Setup Edit page opens. The username being added or edited
appears at the top of the page.
Scroll down to the TACACS+ Settings table and to the PIX Command
Authorization Set feature area within it.
To prevent the application of any PIX command authorization set, select (or
accept the default of) the None option.
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
Advanced User Authentication Settings
"Command Authorization Sets
5-14.
"Adding a Basic User Account" section on
7-29
Advertisement
Table of Contents
Troubleshooting
