Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Multi-Service IronWare Security Configuration Guide

39

53-1003035-02

Configuring TACACS or TACACS+ security

1

NOTE

After successful key-authentication, the SSH session will be placed into the privileged EXEC mode.

Example 3:

Brocade (config) # aaa authentication login privilege-mode

Brocade (config) # ip ssh permit-empty-passwd yes

NOTE

After successful key-authentication, the SSH session will be placed into the privileged EXEC mode.

Example 4:

Brocade (config) # aaa authentication login privilege-mode

Brocade (config) # ip ssh key-authentication no

Brocade (config) # ip ssh password-authentication yes

Brocade (config) # ip ssh interactive-authentication yes

NOTE

An authenticated SSH session using either password or interactive authentication will be placed into
the privileged EXEC mode.

Disabling automatically entering Privilege EXEC mode access for SSH session with public-key
authentication

Example 1:

Brocade (config) # aaa authentication login default local

Brocade (config) # no aaa authentication login privilege-mode

NOTE

After successful key-authentication, the SSH session will be placed into the User EXEC mode.

Syntax: :[no] aaa authentication login privilege-mode

Configuring enable authentication to use enable
password on TACACS+

TACACS+ server allows a common enable password to be configured on the TACACS+ server. To
allow a user to authenticate against that enable password, instead of the login password, use this
command.

Brocade(config)# aaa authentication enable implicit-user

Syntax: [no] aaa authentication enable implicit-user

Telnet or SSH prompts when the TACACS+ server
is unavailable

When TACACS+ is the first method in the authentication method list, the device displays the login
prompt received from the TACACS+ server. If a user attempts to login through Telnet or SSH, but
none of the configured TACACS+ servers are available, the following takes place: