Just wondering if this can be done:
We have an RSA server and a TACACS server, all working fine.
We would like to put in 2-factor authentication using our RSA token to manage our ASA box.
Now, I have got the 2-factor authentication working (tested it with SSH to the ASA box), but it seems like it allows anyone with an account on the RSA server to log in to the box. We don't want this; we want to be able to lock it down to only a few accounts.
We also have a TACACS server. Logging in to the ASA box using TACACS local accounts works fine.
I understand that authorisation doesn't work with RSA, and one of the suggestions that I received was to add the RSA server into TACACS, create the user groups / users we want and use TACACS for both authentication and authorisation. Is that right? Some pointers would be appreciated :|