aaa authorization
Copyright © 2010, Juniper Networks, Inc.
Name the list default.
Assign a different name to the authentication list, and assign the new list to the vty
line using the login authentication command.
The authentication methods that you can use in a list include these options: radius,
line, tacacs+, none, and enable.
The system traverses the list of authentication methods to determine whether a user
is allowed to start a Telnet session. If a specific method is available but the user
information is not valid (such as an incorrect password), the system does not continue
to traverse the list and denies the user a session.
If a specific method is unavailable, the system continues to traverse the list. For example,
if tacacs+ is the first authentication type element on the list and the TACACS+ server
is unreachable, the system attempts to authenticate with the next authentication type
on the list, such as radius.
The system assumes an implicit denial of service (that is, the user is denied a session) if it
reaches the end of the authentication list without finding an available method.
Example
host1(config)#aaa authentication login my_auth_list tacacs+ radius line none
Use the no version to remove the authentication list from your configuration.
See aaa authentication login.
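The traversal rules described above, modelled in Python as an added example (not JunosE or Juniper code). The names Outcome, parse_login_list, evaluate and audit are hypothetical, and treating none as a method that is always available and always accepts is an assumption.

```python
# Added example: models the authentication method-list traversal described above.
# All names here are hypothetical; this is not JunosE code.
from enum import Enum

class Outcome(Enum):
    ACCEPT = "accept"            # method available, user information valid
    REJECT = "reject"            # method available, user information invalid
    UNAVAILABLE = "unavailable"  # e.g. the TACACS+ server is unreachable

VALID_METHODS = {"radius", "line", "tacacs+", "none", "enable"}  # options listed on the page

def parse_login_list(cli_line):
    """Return (list_name, methods) from an 'aaa authentication login' line."""
    tokens = cli_line.split("#", 1)[-1].split()   # drop a 'host1(config)#' prompt if present
    if tokens[:3] != ["aaa", "authentication", "login"] or len(tokens) < 5:
        raise ValueError("not an aaa authentication login command")
    name, methods = tokens[3], tokens[4:]
    unknown = [m for m in methods if m not in VALID_METHODS]
    if unknown:
        raise ValueError(f"unknown methods: {unknown}")
    return name, methods

def evaluate(methods, outcomes):
    """Walk the list in order; return (allowed, deciding_method_or_None)."""
    for method in methods:
        if method == "none":
            result = Outcome.ACCEPT   # assumption: 'none' accepts without credentials
        else:
            result = outcomes.get(method, Outcome.UNAVAILABLE)
        if result is Outcome.ACCEPT:
            return True, method
        if result is Outcome.REJECT:
            return False, method      # invalid user information: traversal stops here
        # UNAVAILABLE: continue with the next method on the list
    return False, None                # end of list reached: implicit denial

def audit(methods):
    """Return review findings for a method list (assumes the 'none' semantics above)."""
    findings = []
    if "none" in methods:
        findings.append("list falls back to 'none' when earlier methods are "
                        "unavailable, so the implicit denial is never reached")
        if methods[-1] != "none":
            findings.append("methods after 'none' are never tried")
    return findings

if __name__ == "__main__":
    name, methods = parse_login_list(
        "host1(config)#aaa authentication login my_auth_list tacacs+ radius line none")
    print(name, evaluate(methods, {"tacacs+": Outcome.REJECT}), audit(methods))
```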
Use to set the parameters that restrict access to a network.
Use the keyword exec to determine if the user is allowed to run Exec mode commands.
The commands that you can execute from Exec mode provide only user-level access.
Use the keyword commands to run authorization for all commands at the specified
privilege level (0–15). See Table 45 on page 407 for a description of privilege levels.
You can enter up to three authorization types to use in an authorization method list.
Options include: if-authenticated, none, and tacacs+.
NOTE: For information about TACACS+, see JunosE Broadband Access
Configuration Guide.
Authorization method lists define the way authorization is performed and the sequence
in which the methods are performed. You can designate one or more security protocols
in the method list to be used for authorization. If the initial method fails, the next method
in the list is used. The process continues until either there is successful communication
with a listed authorization method or all methods defined are exhausted.
Example
host1(config)#aaa authorization exec
Chapter 7: Passwords and Security