7-29
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter7 Setting Up and Managing User Accounts Advanced User Authentication Settings
Configuring a PIX Command Authorization Set for a User
Use this procedure to specify the PIX command authorization set parameters for
a user. There are four basic options:
NoneNo authorization for PIX commands
GroupFor this user, the group-level PIX command authorization set
applies
Assign a PIX Command Authorization Set for any network deviceOne
PIX command authorization set is assigned, and it applies to all network
devices
Assign a PIX Command Authorization Set on a per Network Device
Group BasisParticular PIX command authorization sets are to be effective
on particular NDGs
Before You Begin
Ensure that a AAA client has been configured to use TACACS+ as the
security control protocol.
In the Advanced Options section of Interface Configuration, ensure that the
Per-user TACACS+/RADIUS Attributes check box is selected.
In the TACACS+ (Cisco) section of Interface Configuration, ensure that the
PIX Shell (pixShell) option is selected in the User column.
Ensure that you have previously configured one or more PIX command
authorization sets. For detailed steps, see the Command Authorization Sets
Configuration section on page 5-14.
To specify PIX command authorization set parameters for a user, follow these
steps:
Step 1 Perform Steps 1 through 3 of the Adding a Basic User Account section on
page 7-5.
Result: The User Setup Edit page opens. The username being added or edited
appears at the top of the page.
Step 2 Scroll down to the TACACS+ Settings table and to the PIX Command
Authorization Set feature area within it.
Step 3 To prevent the application of any PIX command authorization set, select (or
accept the default of) the None option.