Kentrox AI296 User Manual

AI296 Version 9.8x User’s Guide

AI296 Commands: aaa

9-7

authen

Enables or disables TACACS+ authentication for AI296 command shell
access. TACACS+ authentication may be enabled on all connections,
or on a connection type basis. By default, TACACS+ authentication is
disabled on all connection types. The following parameters are
accepted:

z

all

—Enables or disables TACACS+ authentication on all

connection types.



Note: If no connection type is specified,

all

is automatically

selected.

z

async

—Enables or disables TACACS+ authentication on

asynchronous link connections.

z

disable

—Disables TACACS+ authentication.

z

enable

—Enables TACACS+ authentication.

z

ftp

—Enables or disables TACACS+ authentication on FTP

connections.

z

telnet

—Enables or disables TACACS+ authentication on Telnet

connections.

author

Configures the TACACS+ authorization method for the AI296 shell.
The authorization method can be either privilege level or
per-command. Privilege level authorization is based on the priv-lvl
returned from the TACACS+ server. Per-command authorization
requires AI296 to contact the TACACS+ server for each shell command
run by a user. Individual commands are then allowed or denied.



Note: Authorization is performed only on the connection types that

have enabled authentication. For information about enabling
authentication, refer to command

aaa authen

.

The following parameters are accepted:

z

command

—Configures the TACACS+ authorization method that

requires to contact the TACACS+ server for each shell command
run by a user. Individual commands are then allowed or denied.

z

priv-lvl

—Configures the TACACS+ authorization method based

on the priv-lvl returned from the TACACS+ server.

chpass

Changes the current user’s password on the TACACS+ server.



Note: The TACACS+ server may not support, or be configured to

support, password changes.