Chapter 7 Setting Up and Managing User Accounts
Advanced User Authentication Settings
7-28
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Configuring a PIX Command Authorization Set for a User
Use this procedure to specify the PIX command authorization set parameters for
a user. There are four options:
• None—No authorization for PIX commands.
• Group—For this user, the group-level PIX command authorization set
applies.
• Assign a PIX Command Authorization Set for any network device—One
PIX command authorization set is assigned, and it applies to all network
devices.
• Assign a PIX Command Authorization Set on a per Network Device
Group Basis—Particular PIX command authorization sets are to be effective
on particular NDGs.
Before You Begin
• Ensure that a AAA client has been configured to use TACACS+ as the
security control protocol.
• In the Advanced Options section of Interface Configuration, ensure that the
Per-user TACACS+/RADIUS Attributes check box is selected.
• In the TACACS+ (Cisco) section of Interface Configuration, ensure that the
PIX Shell (pixShell) option is selected in the User column.
• Ensure that you have already configured one or more PIX command
authorization sets. For detailed steps, see Command Authorization Sets
Configuration, page 5-16.
To specify PIX command authorization set parameters for a user, follow these
steps:
Step 1 Perform Step 1 through Step 3 of Adding a Basic User Account, page 7-5.
Result: The User Setup Edit page opens. The username being added or edited is
at the top of the page.
Step 2 Scroll down to the TACACS+ Settings table and to the PIX Command
Authorization Set feature area within it.
Step 3 To prevent the application of any PIX command authorization set, select (or
accept the default of) the None option.
To Next Page
Loading...
