[c-nsp] aaa different for console logins?

Jon Lewis jlewis at lewis.org
Tue Jan 11 20:50:29 EST 2005


On Tue, 11 Jan 2005, Oliver Boehmer (oboehmer) wrote:

> by default, console sessions are not authorized via AAA (a safeguard
> against a misconfigured authorization). configure "aaa authorization
> console" (could be hidden, depending on IOS release) if you want to
> change this behaviour.

Ah, so thats to stop you from giving out enable on the console
accidentally?  It does use AAA for authentication on the console without
doing anything special.

My reason for looking into this is that we use AAA (radius) to
authenticate noc staff logins (so we don't have to change enable secrets
any time someone leaves) and during emergencies when someone has to
console in, I'd like them to get enable without having to tell them the
"super secret enable secret".

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________


More information about the cisco-nsp mailing list