Chapter 7
User Management
Configuring a PIX Command Authorization Set for a User
Step 1
Step 2
Step 3
78-16592-01
Use this procedure to specify the PIX command authorization set parameters for
a user. There are four options:
None—No authorization for PIX commands.
•
Group—For this user, the group-level PIX command authorization set
•
applies.
Assign a PIX Command Authorization Set for any network device—One
•
PIX command authorization set is assigned, and it applies to all network
devices.
Assign a PIX Command Authorization Set on a per Network Device
•
Group Basis—Particular PIX command authorization sets are to be effective
on particular NDGs.
Before You Begin
Make sure that a AAA client is configured to use TACACS+ as the security
•
control protocol.
In the Advanced Options section of Interface Configuration, make sure that
•
the Per-user TACACS+/RADIUS Attributes check box is selected.
In the TACACS+ (Cisco) section of Interface Configuration, make sure that
•
the PIX Shell (pixShell) option is selected in the User column.
Make sure that you have configured one or more PIX command authorization
•
sets. For detailed steps, see
page
5-31.
To specify PIX command authorization set parameters for a user, follow these
steps:
Perform Step 1 through Step 3 of
The User Setup Edit page opens. The username being added or edited is at the top
of the page.
Scroll down to the TACACS+ Settings table and to the PIX Command
Authorization Set feature area within it.
To prevent the application of any PIX command authorization set, select (or
accept the default of) the None option.
Advanced User Authentication Settings
Adding a Command Authorization Set,
Adding a Basic User Account, page
User Guide for Cisco Secure ACS for Windows Server
7-4.
7-29