[nsp] user authentication
Tim Franklin
tim at colt.net
Wed Oct 8 10:37:24 EDT 2003
cisco-nsp-bounces at puck.nether.net wrote:
> I'd like to be able to specify that a specific username should use
> RADIUS auth. i.e.
> username staff authentication radius
> however I haven't been able to figure out an easy way to do this. The
> only idea I've come up with so far is to add radius to login
> authentication, and try to setup the radius server to deny login auth
> for all but the staff acount (and still allow ppp auth for all the
> radius accounts).
You could point login authentication at either TACACS or a different RADIUS server. This does get you the pain of running two servers, but having TACACS for staff accounts is quite useful in itself (easy(ish) to permit / deny down to a router / login / command granularity).
Regards,
Tim.
--
Tim Franklin ____________
Project Engineer \C/\O/\L/\T/ Product Engineering &
T: +44 20 7863 5714 V V V V Customer Solutions
F: +44 20 7863 5876
More information about the cisco-nsp
mailing list