Cisco 3.3 User Manual
Page 275
7-29
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 7 User Management
Advanced User Authentication Settings
Configuring a PIX Command Authorization Set for a User
Use this procedure to specify the PIX command authorization set parameters for
a user. There are four options:
•
None—No authorization for PIX commands.
•
Group—For this user, the group-level PIX command authorization set
applies.
•
Assign a PIX Command Authorization Set for any network device—One
PIX command authorization set is assigned, and it applies to all network
devices.
•
Assign a PIX Command Authorization Set on a per Network Device
Group Basis—Particular PIX command authorization sets are to be effective
on particular NDGs.
Before You Begin
•
Make sure that a AAA client is configured to use TACACS+ as the security
control protocol.
•
In the Advanced Options section of Interface Configuration, make sure that
the Per-user TACACS+/RADIUS Attributes check box is selected.
•
In the TACACS+ (Cisco) section of Interface Configuration, make sure that
the PIX Shell (pixShell) option is selected in the User column.
•
Make sure that you have configured one or more PIX command authorization
sets. For detailed steps, see
Adding a Command Authorization Set,
To specify PIX command authorization set parameters for a user, follow these
steps:
Step 1
Perform Step 1 through Step 3 of
Adding a Basic User Account, page 7-4
The User Setup Edit page opens. The username being added or edited is at the top
of the page.
Step 2
Scroll down to the TACACS+ Settings table and to the PIX Command
Authorization Set feature area within it.
Step 3
To prevent the application of any PIX command authorization set, select (or
accept the default of) the None option.