Defining the Shell Command Authorization Set
Now that you have enabled the all-important options within the Cisco Secure ACS
HTML interface, you are ready to define the shell command authorization set
that identifies the commands a user can use. Navigate to the Shared Profile
Components window and select Shell Command Authorization Sets, as
shown in Figure 5.25.
Within the Shell Command Authorization Sets window, click the Add
button to define a new authorization set, as shown in Figure 5.26.
Within the Shell Command Authorization Set Edit window, type the name
of the command set in the Name text box and an optional description in the
Description text box, as shown in Figure 5.27.
NOTE
The name of the shell command authorization set can contain up to 32
characters, excluding any leading or trailing spaces. The following special
characters cannot be used in the name: # ? " * > <
www.syngress.com
Figure 5.25 Cisco Secure ACS: Shared Profile Components Window
256 Chapter 5 • Authentication, Authorization, and Accounting
Figure 5.26 Cisco Secure ACS: Shell Command Authorization Sets Window
Figure 5.27 Cisco Secure ACS: Naming a Shell Command Authorization Set
Scroll down within the Shell Command Authorization Set Edit window and
define the command authorization set, as shown in Figure 5.28. The command
authorization set is a list of commands and arguments that a user is allowed to
execute. You begin creating the list by selecting the action you want taken for any
attempted commands that do not match one on the command authorization set.
Select either Permit or Deny from the Unmatched Commands radio button,
as shown in Figure 5.28. You can now start building the list by typing a command
in the text box and clicking the Add Command button. Do this for each
command that you want listed in the authorization set.
NOTE
When adding a command to the list, make sure that you enter the command
only (with no arguments). You will have a chance to permit or
deny both specific arguments and unmatched arguments within the
command.
For each command, you can list specific arguments that you want to permit
or deny by highlighting the command and typing entries in the list box to the right
of the command, as shown in Figure 5.28. Each entry should have the following
format:
Figure 5.28 Cisco Secure ACS: Defining a Shell Command Authorization Set
{permit | deny}
In addition, if you do not want to explicitly list each possible command
argument that you might want to allow, you can simply check the Permit
Unmatched Args check box to the right of the highlighted command. When
you are finished defining your command authorization set, click the Submit
button to complete the configuration.
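The decision logic this section configures can be modeled in a few lines of Python. This is an added example, not code from the book or from Cisco Secure ACS. The `permit <argument>` / `deny <argument>` entry form, the exact-match comparison of arguments in list order, and the sample set name, commands and address are assumptions made for illustration.

```python
FORBIDDEN = set('#?"*><')  # characters the NOTE says a set name cannot contain

def valid_set_name(name: str) -> bool:
    """Up to 32 characters, ignoring leading/trailing spaces, no forbidden characters."""
    name = name.strip()
    return 0 < len(name) <= 32 and not FORBIDDEN & set(name)

class CommandAuthSet:
    def __init__(self, name: str, unmatched_commands: str = "deny"):
        if not valid_set_name(name):
            raise ValueError(f"invalid set name: {name!r}")
        if unmatched_commands not in ("permit", "deny"):
            raise ValueError("Unmatched Commands must be permit or deny")
        self.name, self.unmatched_commands = name.strip(), unmatched_commands
        self.commands = {}  # command -> (argument entries, Permit Unmatched Args)

    def add_command(self, command, entries=(), permit_unmatched_args=False):
        command = command.strip()
        if not command or " " in command:
            raise ValueError("enter the command only, with no arguments")
        parsed = []
        for entry in entries:  # assumed entry form: "permit <argument>" / "deny <argument>"
            action, _, argument = entry.strip().partition(" ")
            if action not in ("permit", "deny") or not argument.strip():
                raise ValueError(f"bad argument entry: {entry!r}")
            parsed.append((action, argument.strip()))
        self.commands[command] = (parsed, permit_unmatched_args)

    def authorize(self, line: str) -> bool:
        command, _, arguments = line.strip().partition(" ")
        if command not in self.commands:
            return self.unmatched_commands == "permit"  # Unmatched Commands setting
        entries, permit_unmatched_args = self.commands[command]
        for action, argument in entries:  # assumption: first exact match decides
            if arguments.strip() == argument:
                return action == "permit"
        return permit_unmatched_args  # Permit Unmatched Args check box

def example_set() -> CommandAuthSet:
    """Constructed sample policy: read-only helpdesk access."""
    s = CommandAuthSet("Helpdesk-ReadOnly", unmatched_commands="deny")
    s.add_command("show", ["permit version", "deny running-config"])
    s.add_command("ping", permit_unmatched_args=True)
    return s

if __name__ == "__main__":
    policy = example_set()
    for line in ("show version", "show running-config", "show interfaces",
                 "ping 192.0.2.1", "configure terminal"):
        print(f"{line:22} -> {'permit' if policy.authorize(line) else 'deny'}")
```

With Unmatched Commands set to Deny and Permit Unmatched Args left unchecked, anything not explicitly listed is refused, which is the default-deny posture to aim for when building a set.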