Thursday, July 12, 2012

no authentication on Cisco ASA

1.1.1 Require AAA Service

A quick comment on this AAA service check. It is absolutely
correct that AAA features are not available for use until you enable
AAA globally by issuing the aaa new-model command. However, the
presence of that command does not necessarily mean that AAA is
configured correctly (that is, that the configuration is complete).
For instance, you can configure aaa authentication login default none
and the system will not do any authentication.

Suggestion: A more complex check should be done...

See example (options) below...



R1(config)#aaa authentication login default ?
  enable         Use enable password for authentication.
  group          Use Server-group
  krb5           Use Kerberos 5 authentication.
  krb5-telnet    Allow logins only if already authenticated via Kerberos V Telnet.
  line           Use line password for authentication.
  local          Use local username authentication.
  local-case     Use case-sensitive local username authentication.
  none           NO authentication.
  passwd-expiry  enable the login list to provide password aging support
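
One way to implement the more complete check suggested above, as an added example that is not part of the original post or of any benchmark tooling. It assumes the input is running-config text in the syntax shown above; the function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample running-config (not taken from the original post).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default none
aaa authentication login VTY group tacacs+ local
aaa authentication login CONSOLE local none
line vty 0 4
 login authentication VTY
"""

LOGIN_LIST = re.compile(r"^aaa authentication login (\S+) (.+)$")

def login_methods(tokens):
    """Return the method keywords, skipping the server-group name after 'group'."""
    methods, skip_next = [], False
    for tok in tokens:
        if skip_next:            # this token is a group name, not a method
            skip_next = False
        else:
            methods.append(tok)
            skip_next = (tok == "group")
    return methods

def audit_aaa_login(config):
    """Return (list_name, finding) pairs for weak AAA login configuration."""
    lines = [ln.strip() for ln in config.splitlines()]
    if "aaa new-model" not in lines:
        return [("-", "aaa new-model is not enabled")]
    findings = []
    for ln in lines:
        m = LOGIN_LIST.match(ln)
        if not m:
            continue
        name, methods = m.group(1), login_methods(m.group(2).split())
        if methods == ["none"]:
            findings.append((name, "'none' is the only method: no authentication"))
        elif "none" in methods:
            findings.append((name, "'none' is listed as a fallback method"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_aaa_login(SAMPLE_CONFIG):
        print(f"login list {name}: {finding}")
```

A configuration passes only when aaa new-model is present and no login method list contains none.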
