Cisco Systems Servers Manuale Utente

7-29

Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide

78-13751-01, Version 3.0

Chapter 7 Setting Up and Managing User Accounts

Advanced User Authentication Settings

Configuring a PIX Command Authorization Set for a User

Use this procedure to specify the PIX command authorization set parameters for
a user. There are four basic options:

•

None—No authorization for PIX commands

•

Group—For this user, the group-level PIX command authorization set
applies

•

Assign a PIX Command Authorization Set for any network device—One
PIX command authorization set is assigned, and it applies to all network
devices

•

Assign a PIX Command Authorization Set on a per Network Device
Group Basis—Particular PIX command authorization sets are to be effective
on particular NDGs

Before You Begin

•

Ensure that a AAA client has been configured to use TACACS+ as the
security control protocol.

•

In the Advanced Options section of Interface Configuration, ensure that the
Per-user TACACS+/RADIUS Attributes check box is selected.

•

In the TACACS+ (Cisco) section of Interface Configuration, ensure that the
PIX Shell (pixShell) option is selected in the User column.

•

Ensure that you have previously configured one or more PIX command
authorization sets. For detailed steps, see the

“Command Authorization Sets

Configuration” section on page 5-14

To specify PIX command authorization set parameters for a user, follow these
steps:

Step 1

Perform Steps 1 through 3 of the

“Adding a Basic User Account” section on

page 7-5

Result: The User Setup Edit page opens. The username being added or edited
appears at the top of the page.

Step 2

Scroll down to the TACACS+ Settings table and to the PIX Command
Authorization Set feature area within it.

Step 3

To prevent the application of any PIX command authorization set, select (or
accept the default of) the None option.