[c-nsp] AAA Command Authorization
John Neiberger
John.Neiberger at efirstbank.com
Tue Jul 5 16:16:12 EDT 2005
I have a need for a non-privileged user to be able to see an entire
running config on a device. I can't use IOS privilege levels to do this
because of the way IOS behaves. I can't just grant a user the ability to
do "show run" because IOS won't display any command in the config that
the user doesn't have access to.
Now I wonder if the same applies to AAA command authorization via
TACACS+. If I grant a user access to "show run" via AAA command
authorization, will the IOS display the entire config or will it run a
command authorization check on every line in the config?
Thanks
John
--
More information about the cisco-nsp
mailing list