PIX Firewall software v6.2 introduced the local user authentication database,
a concept common in router configurations, to the PIX Firewall family. Like its
router relatives, the local PIX Firewall user authentication database consists
of the users entered with the username command. The PIX Firewall login command
can use this database for authentication. Use the no form of the command to
remove a user from the database. The syntax is as follows:
Pix(config)# username usr_name
{[{nopassword | password password} [encrypted]]
[privilege level]}
Pix(config)# no username usr_name
The minimum usr_name and password lengths are four and three alphanumeric
characters, respectively. The PIX automatically encrypts all passwords; the
encrypted option indicates that the password supplied is already in encrypted
form.
Use the show username [usr_name] command to display the users
defined in the local PIX Firewall user authentication database.
Pix(config)# username admin7 password cisCo7 privilege 7
Pix(config)# username bill password pearson privilege 12
Pix(config)# username mike password chow privilege 15
Pix(config)# show username
username mike password 6NVlMI5JXIWRfMS7 encrypted privilege 15
username admin7 password zs7H.SH1jCsgkxKA encrypted privilege 7
username bill password 7/y5W7TBQ4r2o7OF encrypted privilege 12
Pix(config)#
Pix(config)# no username bill
Pix(config)# no username mike
Pix(config)# no username admin7
Warning:Local user database is empty and there are still 'aaa' commands for 'LOCAL'.
Pix(config)#
The preceding example shows how to remove users from the local user database.
The warning is issued when the last user is removed while features such as AAA
still reference the local user database.
The login Command
The login command logs a user into the PIX Firewall, into another privilege
level, or into another Command mode using the local user authentication
database. This command is available in Unprivileged mode. The user can use the
logout, exit, or quit commands to return to Unprivileged mode. The following
example shows the prompts after a login command.
Pix> login
Username:
Username: mike
Password: ****
Pix#
Local User Database and AAA
Cisco Secure ACS AAA services support using the local user database (LOCAL) as
an alternative to TACACS+ or RADIUS servers for user authentication and command
authorization tasks. The following output shows the local user database being
used with AAA commands. The details of these commands are covered in the
following pages.
Pix(config)# aaa authentication telnet console LOCAL
Pix(config)# aaa authentication enable console LOCAL
Pix(config)# aaa authorization command LOCAL
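The warning shown earlier (an empty local user database while 'aaa' commands still name LOCAL) is easy to reach when users are removed one at a time, and it is worth checking for in a saved configuration before it locks an administrator out of telnet or enable access. The following added example, which is not code from the book or from Cisco, replays username and no username lines in order the way the CLI does, collects the aaa commands that name LOCAL, and reports the empty-database condition together with any nopassword entries. The username pattern follows the syntax quoted above; that saved aaa lines end in the literal tag LOCAL is an assumption.

```python
import re

# Added audit example, not from the book. Flags 'aaa ... LOCAL' commands left
# behind after the last local user is removed (the warning quoted above) and
# any 'nopassword' entries. Saved aaa lines ending in LOCAL is an assumption.
USERNAME_RE = re.compile(
    r"^username\s+(?P<name>\S+)"
    r"(?:\s+(?:(?P<nopw>nopassword)|password\s+\S+)(?:\s+encrypted)?)?"
    r"(?:\s+privilege\s+(?P<priv>\d+))?$"
)
AAA_LOCAL_RE = re.compile(r"^aaa\s+(?:authentication|authorization)\b.*\bLOCAL$")

def parse_config(text):
    """Replay username / no username lines in order; collect aaa LOCAL lines."""
    users, aaa_local = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("no username "):
            users.pop(line.split()[2], None)  # removal, as the CLI applies it
            continue
        m = USERNAME_RE.match(line)
        if m:
            users[m["name"]] = {
                "nopassword": m["nopw"] is not None,
                "privilege": int(m["priv"]) if m["priv"] else None,
            }
        elif AAA_LOCAL_RE.match(line):
            aaa_local.append(line)
    return users, aaa_local

def audit(text):
    """Return finding strings; an empty list means nothing was flagged."""
    users, aaa_local = parse_config(text)
    findings = []
    if aaa_local and not users:
        findings.append(f"local user database is empty but "
                        f"{len(aaa_local)} aaa command(s) reference LOCAL")
    for name, u in users.items():
        if u["nopassword"]:
            findings.append(f"user {name} has nopassword")
    return findings

# Constructed sample: two of the users from the text, both later removed,
# with LOCAL-backed AAA left in place, which is exactly the warned-about state.
SAMPLE = """\
username admin7 password cisCo7 privilege 7
username mike password chow privilege 15
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
no username mike
no username admin7
"""
```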
Verifying AAA Services
Use the show aaa (not show
AAA) command to list AAA services configured, as shown in the following
example:
Pix(config)# sho aaa
aaa authentication telnet console LOCAL
aaa authentication enable console LOCAL
aaa authorization command LOCAL
Pix(config)#