[c-nsp] restrict authentication configuration for certain auth levels

[David George]

thanks Javier - yes, I have done this on tacacs+ and that is working quite well, I was after a way to do this to prevent some contractors from being able to escalate their own rights while the tacacs+ server was unavailable and the devices have fallen over to local auth.

it's not a big deal, was more a curiosity point than anything.


David George
System Administrator



P: +61 7 3503 6806 (ext 500)
A: PO Box 476, Annerley Q 4103 Australia
W: oztix.com.au | nztix.co.nz | heatseeker.com.au 

This email and attachments are intended for the named address(es) only and may contain information which is confidential and (or) legally privileged. Any legal privilege is not waived because this email has been sent to you by mistake. If you receive this email in error please delete it and notify the sender immediately. Any unauthorised use or disclosure of this email is prohibited. Ticket Solutions Pty Ltd accepts no responsibility for any loss or damage caused by this email or its attachments due to viruses, interference or unauthorised usage. Any arrangement, proposal, contract or agreement referred to in this email is subject to Ticket Solutions' internal sign-off procedures, including CEO approval.



-----Original Message-----
From: Javier Henderson (javier) [mailto:javier at cisco.com] 
Sent: Wednesday, 23 April 2014 11:15 PM
To: David George
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] restrict authentication configuration for certain auth levels


On Apr 22, 2014, at 8:53 PM, David George <davidg at oztix.com.au> wrote:

> Afternoon all
> What's an easy way to restrict configuration of anything auth related (aaa, local users etc..) for a specific user level?

Command authorization, and a TACACS+ server.

Javier Henderson
javier at cisco.com