
Accessing PDM in read-only mode

m.laporta
Level 1

Hi all.

I have a PIX with ver 6.3 and I want to enable access to it for the Customer in read-only mode.

I ordinarily don't use aaa and privileges to avoid lock-out problems but now it seems I must face the topic.

I have 2 questions:

A. Is the following plan safe (and sufficient) to avoid lockout?

1. username admin password **** priv 15

2. username pdmuser password **** priv 5

3. aaa authentication http console LOCAL

4. privilege level 5 command ???

B. Which commands should I assign to privilege level 5 to let the user see the Home and the Monitoring Page completely?

Thank you

michele


Accepted Solutions

mhoda
Level 5

Hi Michele,

A. Yes, it is safe and sufficient to avoid being locked out of the PIX. In fact, your telnet/console will not be affected, only the PDM, with the above config in place.

B. There are three different priv levels for PDM: Monitor (level 3), Read Only (level 5) and Admin (level 15). So, Monitor level is all that is required to get access to the Home Page and Monitoring page. Here is the procedure:

Turning on AAA for PDM:

- System Properties
- PIX Admin
- Authentication/Authorization
- Check the HTTP/PDM box
- Service group: select LOCAL
- Check the Enable Authorization box
- Service group: select LOCAL

Creating Users:

- User account -> user with level 15 and 3 (monitor)

Thanks,

Mynul.
