Sure, this is what authorization proxy is for. The documentation for this is pretty good and does a better job than what I could do here. The documentation is located here for recent versions of the PIX software:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/fwaaa.html
Old software used "aaa authentication include". New software has moved to "aaa authentication match".
You must define your AAA server prior to the "aaa authentication xxxxxx" command since the aaa command references the AAA server.
Hope this helps.