Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Isn't "set authorization commands enable" all that is required?

Hello,

I configured only "set authorization commands enable all tacacs+ if-authenticated telnet" and I received also enable authorization.

Why then do I need to configure the command

set authorization enable enable tacacs+ if-authenticated telnet

In addition, what does the following command authorize? I realise it authorises the exec shell, but what about the exec shell is it authorising?

set authorization exec enable tacacs+ if-authenticated telnet

Many Thanks

Ian

2 REPLIES
New Member

Re: Isn't "set authorization commands enable" all that is requir

Question 1:

Using the "all" attribute sets authorization for all commands

Question 2:

set authorization exec enable tacacs+ if-authenticated telnet

Exec authorization enforces the service=shell attribute to be assigned and allows shell attributes to be pulled from the AAA server such as, priv-lvl, acl, timeout and idletime for example.

Hope this helps.

New Member

Re: Isn't "set authorization commands enable" all that is requir

Thank you, your response is very helpful.

Just to clarify, does set authorization commands enable all obsolete the command set authorization enable enable?

Many Thanks

Ian

112
Views
0
Helpful
2
Replies