[c-nsp] aaa different for console logins?
Jon Lewis
jlewis at lewis.org
Wed Jan 12 07:04:56 EST 2005
On Wed, 12 Jan 2005, Oliver Boehmer (oboehmer) wrote:
> Ack. But please make sure to define appropriate fallback methods. So in
> your case, I would replace
> aaa authorization exec default group radius local
> by
> aaa authorization exec default group radius if-authenticated
>
> I.e. when Radius is not available, authorization succeeds if the user
> has authenticated.
I'll test this, but my impression was that with the local on the end, when
radius is unavailable, locally defined usernames are used and the enable
secret is still used when enabling from an exec level local user.
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the cisco-nsp
mailing list