[cisco-nas] managing users' priviledges with local database

Aaron Leonard Aaron at cisco.com
Tue Sep 27 18:26:34 EDT 2005 

Sorry, no way to impose a limit on the number of exec logins
for a locally authenticated user.  (user-maxlinks is useful
only for PPP links.)

Here's what you get for a local username:

as5200(config)#username fred ?
  access-class         Restrict access by access-class
  autocommand          Automatically issue a command after the user logs in
  callback-dialstring  Callback dialstring
  callback-line        Associate a specific line with this callback
  callback-rotary      Associate a rotary group with this callback
  dnis                 Do not require password when obtained via DNIS
  nocallback-verify    Do not require authentication after callback
  noescape             Prevent the user from using an escape character
  nohangup             Do not disconnect after an automatic command
  nopassword           No password is required for the user to log in
  password             Specify the password for the user
  privilege            Set user privilege level
  user-maxlinks        Limit the user's number of inbound links
  <cr>

Privilege, autocommand and access-class are perhaps the
most generally useful ones in this case.

Regards,

Aaron

---

>hello,
>
>my machine :
>IOS (tm) 5200 Software (C5200-IS-L), Version 11.3(11b)T3
>
>my goal : create a local user in order to supersede TACACS (I've already got :
>aaa authentication login default local tacacs+ enable) and give parameters to
>that user.  What I'm mostly interrested in is limit the numer of simultaneous
>session to 3 (let's say).
>
>Is this feasible at all, to start with ?
>Is there a guide on how to do this (with other parameters I could set) ?
>
>Thanks !
>
>-------------------------------------------------------------------
>Pierre Nepveu, CCNP                    tel: +1 514.380-4289 
>Architecte - Reseau commute                 +1 888.INFOVTL x 4289
>Ingenierie / Telephonie                fax: +1 514 899-8452
>Videotron Telecom Ltee (VTL) - Montreal (Quebec), Canada
>-------------------------------------------------------------------
>
>
>
>_______________________________________________
>cisco-nas mailing list
>cisco-nas at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nas
>  
>

More information about the cisco-nas mailing list