Per-Command Authorization for Management Users
Starting from ArubaOS 8.6.0.0, ArubaOS supports per-command authorization for management users with TACACS+ Terminal Access Controller Access Control System+. TACACS+ provides separate authentication, authorization, and accounting services. It is derived from, but not backward compatible with, TACACS. Servers running on CPPM. This feature gives flexibility in determining commands to be allowed for each management user at each configuration-node. The allowed and not-allowed commands for each management user can be configured in the TACACS+ Terminal Access Controller Access Control System+. TACACS+ provides separate authentication, authorization, and accounting services. It is derived from, but not backward compatible with, TACACS. servers. The commands executed by the management user (with a certain administrative role) will be sent to the TACACS+ Terminal Access Controller Access Control System+. TACACS+ provides separate authentication, authorization, and accounting services. It is derived from, but not backward compatible with, TACACS. server for authorization and only the authorized commands can be executed. Otherwise, the command triggered will be denied.
For TACACS+ Terminal Access Controller Access Control System+. TACACS+ provides separate authentication, authorization, and accounting services. It is derived from, but not backward compatible with, TACACS. Server running on a CPPM, a new management role needs be chosen as the Aruba-Admin-Role in service-type for the target TACACS Terminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. Enforcement Profile for the authenticated management-user.
For more information, please refer to the TACACS+ Terminal Access Controller Access Control System+. TACACS+ provides separate authentication, authorization, and accounting services. It is derived from, but not backward compatible with, TACACS. Enforcement Profiles section in the ClearPass Policy Manager 6.8 User Guide.
|
This feature is available only on TACACS+ Terminal Access Controller Access Control System+. TACACS+ provides separate authentication, authorization, and accounting services. It is derived from, but not backward compatible with, TACACS. servers running on ClearPass Policy Manager. |