Aaa Authorization Ssh-Certificate - Cisco Nexus 7000 Series Command Reference Manual

A Commands

aaa authorization ssh-certificate

To configure the default AAA authorization method for TACACS+ or Lightweight Directory Access Protocol
(LDAP) servers, use the aaa authorization ssh-certificate command. To disable this configuration, use the
no form of this command.
aaa authorization ssh-certificate default {group group-list| local}
no aaa authorization ssh-certificate default {group group-list| local}
Syntax Description
group
group-list
local
Command Default
local
Command Modes
Global configuration
Command History
Release
5.0(2)
Usage Guidelines
To use this command, you must enable the TACACS+ feature using the feature tacacs+ command or the
LDAP feature using the feature ldap command.
The group tacacs+, group ldap, and group group-list methods refer to a set of previously defined TACACS+
and LDAP servers. Use the tacacs-server host command or ldap-server host command to configure the host
servers. Use the aaa group server command to create a named group of servers. Use the show aaa groups
command to display the server groups on the device.
If you specify more than one server group, the Cisco NX-OS software checks each group in the order that
you specify in the list. The local method is used only if all the configured server groups fail to respond and
you have configured local as the fallback method.
Specifies to use a server group for authorization.
Space-separated list of server groups. The list can
include the following:
• tacacs+ for all configured TACACS+ servers.
• ldap for all configured LDAP servers.
• Any configured TACACS+ or LDAP server
group name.
Specifies to use the local database for authentication.
Modification
This command was introduced.
Cisco Nexus 7000 Series Security Command Reference
aaa authorization ssh-certificate
43