7-29
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 7 User Management
Advanced User Authentication Settings
Configuring a PIX Command Authorization Set for a User
Use this procedure to specify the PIX command authorization set parameters for
a user. There are four options:
• None—No authorization for PIX commands.
• Group—For this user, the group-level PIX command authorization set
applies.
• Assign a PIX Command Authorization Set for any network device—One
PIX command authorization set is assigned, and it applies to all network
devices.
• Assign a PIX Command Authorization Set on a per Network Device
Group Basis—Particular PIX command authorization sets are to be effective
on particular NDGs.
Before You Begin
• Make sure that a AAA client is configured to use TACACS+ as the security
control protocol.
• In the Advanced Options section of Interface Configuration, make sure that
the Per-user TACACS+/RADIUS Attributes check box is selected.
• In the TACACS+ (Cisco) section of Interface Configuration, make sure that
the PIX Shell (pixShell) option is selected in the User column.
• Make sure that you have configured one or more PIX command authorization
sets. For detailed steps, see Adding a Command Authorization Set,
page 5-31.
To specify PIX command authorization set parameters for a user, follow these
steps:
Step 1 Perform Step 1 through Step 3 of Adding a Basic User Account, page 7-4.
The User Setup Edit page opens. The username being added or edited is at the top
of the page.
Step 2 Scroll down to the TACACS+ Settings table and to the PIX Command
Authorization Set feature area within it.
Step 3 To prevent the application of any PIX command authorization set, select (or
accept the default of) the None option.
