7-29
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter 7 Setting Up and Managing User Accounts
Advanced User Authentication Settings
Configuring a PIX Command Authorization Set for a User
Use this procedure to specify the PIX command authorization set parameters for
a user. There are four basic options:
• None—No authorization for PIX commands
• Group—For this user, the group-level PIX command authorization set
applies
• Assign a PIX Command Authorization Set for any network device—One
PIX command authorization set is assigned, and it applies to all network
devices
• Assign a PIX Command Authorization Set on a per Network Device
Group Basis—Particular PIX command authorization sets are to be effective
on particular NDGs
Before You Begin
• Ensure that a AAA client has been configured to use TACACS+ as the
security control protocol.
• In the Advanced Options section of Interface Configuration, ensure that the
Per-user TACACS+/RADIUS Attributes check box is selected.
• In the TACACS+ (Cisco) section of Interface Configuration, ensure that the
PIX Shell (pixShell) option is selected in the User column.
• Ensure that you have previously configured one or more PIX command
authorization sets. For detailed steps, see the “Command Authorization Sets
Configuration” section on page 5-14.
To specify PIX command authorization set parameters for a user, follow these
steps:
Step 1 Perform Steps 1 through 3 of the “Adding a Basic User Account” section on
page 7-5.
Result: The User Setup Edit page opens. The username being added or edited
appears at the top of the page.
Step 2 Scroll down to the TACACS+ Settings table and to the PIX Command
Authorization Set feature area within it.
Step 3 To prevent the application of any PIX command authorization set, select (or
accept the default of) the None option.