Authentication Prompts

The auth-prompt command configures the exact text displayed when the user is
challenged to authenticate, successfully authenticates, or does not authenticate. This
command sets the text for FTP, HTTP, and Telnet session authentication. The syntax of this
command is:
auth-prompt [prompt | accept | reject] string
Example 18-6 Configuring Virtual HTTP Inbound Connections
PIXFirewall(config)# ip address outside 192.168.1.1 255.255.255.0
PIXFirewall(config)# ip address inside 10.10.10.1 255.255.255.0
PIXFirewall(config)# global (outside) 1 192.168.1.20-192.168.1.40 netmask 255.255.255.0
PIXFirewall(config)# nat (inside) 1 0 0 0 0
PIXFirewall(config)# aaa-server TACACS+ protocol tacacs+
PIXFirewall(config)# aaa-server TACACS+ (DMZ) host 172.16.1.2 abc123 timeout 20
PIXFirewall(config)# static (inside, outside) 192.168.1.5 10.10.10.5 netmask 255.255.255.255 0 0
PIXFirewall(config)# aaa authentication include any outside 192.168.1.5 255.255.255.255 0 0 TACACS+
PIXFirewall(config)# access-list WebTest permit tcp any host 192.168.1.5 eq www
PIXFirewall(config)# access-group WebTest in interface outside
PIXFirewall(config)# virtual http 192.168.1.5
NOTE To remove the virtual HTTP from the configuration, enter no virtual http.
The string is the text that is displayed. It can be up to 235 characters in length for FTP and
Telnet connections. It is limited to 120 characters for HTTP connections using Netscape
Navigator, and it is limited to 37 characters for HTTP connections using Microsoft Internet
Explorer. The string should not include any special characters. The string ends when you
type a question mark (?) or press the Enter key.
The auth-prompt command has three options:
■ prompt—Configures the text that is displayed when the user is prompted to authenticate:
“Access to this location is restricted, please provide username and password.”
■ accept—Configures the text that is displayed if the user successfully authenticates using
a Telnet session: “User Authentication complete, please continue.” No text is displayed
for authentication using FTP or HTTP.
■ reject—Configures the text that is displayed if the user is unable to successfully
authenticate using a Telnet session: “Authentication unsuccessful; if you feel that you
have received this message in error, please contact your systems administrator.” The text
for FTP and HTTP authentication sessions cannot be configured on the Security
Appliance.
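The length limits and per-option behavior described above can be checked before a string is typed at the CLI. The following Python lint is an added example, not code from the original text or from Cisco; the function names, the sample lines, and the definition of "special characters" (anything other than letters, digits, spaces, and . , ; : ' -) are assumptions made for illustration.

```python
import re

# Length limits stated on the page, in characters, per client.
PROMPT_LIMITS = {"FTP/Telnet": 235, "HTTP (Netscape Navigator)": 120,
                 "HTTP (Microsoft Internet Explorer)": 37}
# Per the page, accept/reject text is displayed only on Telnet sessions.
TELNET_ONLY = {"Telnet": 235}
# Assumption: "special characters" means anything outside this set.
SPECIAL = re.compile(r"[^A-Za-z0-9 .,;:'-]")
LINE = re.compile(r"^auth-prompt\s+(prompt|accept|reject)\s+(.+)$")
# Constructed sample input; the first two strings are the texts quoted on the page.
SAMPLE = """\
auth-prompt prompt Access to this location is restricted, please provide username and password.
auth-prompt accept User Authentication complete, please continue.
auth-prompt reject Denied! Call x1234 (help desk)
auth-prompt prompt Login? Use your token code
"""


def lint_auth_prompt(line):
    """Check one auth-prompt line; return (option, text, findings)."""
    m = LINE.match(line.strip())
    if m is None:
        raise ValueError("not an auth-prompt line: %r" % line)
    option, text = m.groups()
    findings = []
    limits = PROMPT_LIMITS if option == "prompt" else TELNET_ONLY
    for client, limit in limits.items():
        if len(text) > limit:
            findings.append("%d chars exceeds the %d-char limit for %s"
                            % (len(text), limit, client))
    # A '?' ends the string at the CLI, so text typed after it is lost.
    head, _, tail = text.partition("?")
    if tail:
        findings.append("input ends at '?'; dropped: %r" % tail)
    bad = sorted(set(SPECIAL.findall(head + tail)))
    if bad:
        findings.append("special characters: " + " ".join(bad))
    return option, text, findings


def lint_config(config):
    """Lint every auth-prompt line in a block of configuration text."""
    return [lint_auth_prompt(l) for l in config.splitlines()
            if l.strip().startswith("auth-prompt")]

if __name__ == "__main__":
    for option, text, findings in lint_config(SAMPLE):
        print(option, "OK" if not findings else findings)
```

Run against the sample, the prompt text quoted above is flagged only for the 37-character Internet Explorer limit, which shows why a single prompt string has to be sized for the most restrictive client expected to see it.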