Re: [fw-wiz] Login straight to priv mode in PIX with TACACS server



Michel,

If you set the PIX to use tacacs+ and then local it will use local if
it cannot contact the TACACS+ server, The easiest way to make sure it
cannot contact the TACACS+ server is to remove the network cables.

On 6 February 2010 15:32, Michel Ferreira <michelf@xxxxxxxxx> wrote:
Hi,

I've successfully configured my PIX 506E (6.3) to authenticate with my
TACACS+ Server (ACS 4.1), however I want to know if there's any way to
put the user straight in priv mode (enable) just after login, without
the need to input the 'enable' command.

I'm questioning this because I don't want to include the "aaa
authentication enable console tacacs+ LOCAL" command, since with this
command if I need console access I still will be authenticating
against the TACACS+ server, which, in a emergency situation (like one
that i need to physically connect a console cable to the firewall)
I'll be using the remote authentication, and I don't want that.

Thanks for your considerations,

Michel
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards