aaa authorization ssh-certificate
To configure the default AAA authorization method for TACACS+ or Lightweight Directory Access Protocol
(LDAP) servers, use the aaa authorization ssh-certificate command. To disable this configuration, use the
no form of this command.
aaa authorization ssh-certificate default {group group-list| local}
no aaa authorization ssh-certificate default {group group-list| local}
Syntax Description
Specifies to use a server group for authorization.group
Space-separated list of server groups. The list can
include the following:
•
tacacs+ for all configured TACACS+ servers.
•
ldap for all configured LDAP servers.
•
Any configured TACACS+ or LDAP server
group name.
group-list
Specifies to use the local database for authentication.local
Command Default
local
Command Modes
Global configuration
Command History
ModificationRelease
This command was introduced.5.0(2)
Usage Guidelines
To use this command, you must enable the TACACS+ feature using the feature tacacs+ command or the
LDAP feature using the feature ldap command.
The group tacacs+, group ldap, and group group-list methods refer to a set of previously defined TACACS+
and LDAP servers. Use the tacacs-server host command or ldap-server host command to configure the host
servers. Use the aaa group server command to create a named group of servers. Use the show aaa groups
command to display the server groups on the device.
If you specify more than one server group, the Cisco NX-OS software checks each group in the order that
you specify in the list. The local method is used only if all the configured server groups fail to respond and
you have configured local as the fallback method.
Cisco Nexus 7000 Series Security Command Reference
43
A Commands
aaa authorization ssh-certificate
To Next Page
Loading...
