Configuring Cisco Secure ACS to Support
TACACS+ Command Authorization
Before configuring command allotment for groups or users, you charge to
enable per-user TACACS+/RADIUS attributes by abyssal to the Interface
Configuration | Advanced Options window and selecting the Per-user
TACACS+/RADIUS Attributes analysis box, as apparent in Figure 5.23. Click
the Submit button to complete the configuration.
You additionally charge to accredit the TACACS+ carapace (exec) advantage by abyssal to
the Interface Agreement | TACACS+ (Cisco IOS) window and
selecting the User and/or Group analysis boxes abutting to the Carapace (exec) option, as
shown in Figure 5.24. Click the Submit button to complete the configuration.
www.syngress.com
254 Chapter 5 • Authentication, Authorization, and Accounting
www.syngress.com
Figure 5.23 Cisco Secure ACS: Enabling Per-User TACACS+/RADIUS Attributes
Figure 5.24 Cisco Secure ACS: Enabling TACACS+ Carapace (exec) Option