hit counter script

Enabling Secure Authentication Of Web Clients - Cisco 7604 Configuration Manual

Catalyst 6500 series switch and cisco 7600 series router firewall services module configuration guide using the cli
Hide thumbs Also See for 7604:
Table of Contents

Advertisement

Chapter 17
Applying AAA for Network Access
Configuring Authentication for Network Access
hostname(config)# auth-prompt reject invalid-credentials text
To show text when a user is rejected due to an expired password, enter the following command:
Step 5
hostname(config)# auth-prompt reject expired-pwd text
This prompt is only used if the RADIUS server uses a Windows Active Directory server for the username
and password. You must configure a prompt using the expired-pwd keyword for the user to be prompted
for a new password.
The following example sets the authentication prompt to the string "Please enter your username and
password.":
hostname(config)# auth-prompt prompt Please enter your username and password
After this string is added to the configuration, users see the following:
Please enter your username and password
User Name:
Password:
You can also provide separate messages to display when the FWSM accepts or rejects the authentication
attempt; for example:
hostname(config)# auth-prompt reject Authentication failed. Try again.
hostname(config)# auth-prompt accept Authentication succeeded.
To set rejection messages for invalid credentials, expired password, and for unknown rejection reasons,
enter the following commands:
hostname(config)# auth-prompt reject Authentication failed. Try again.
hostname(config)# auth-prompt reject invalid-credentials Incorrect username or password
hostname(config)# auth-prompt reject expired-pwd Your password is expired. Reset your
password and try again.

Enabling Secure Authentication of Web Clients

The FWSM provides a method of securing HTTP authentication. Without securing HTTP authentication,
usernames and passwords provided to the FWSM would be passed to the destination web server. By
using the aaa authentication secure-http-client command, you enable the exchange of usernames and
passwords between a web client and the FWSM with HTTPS. HTTPS encrypts the transmission,
preventing the username and password from being passed to the external web server by HTTP.
After enabling this feature, when a user accesses a web page requiring authentication, the FWSM
displays the Authentication Proxy Login Page shown in
Figure
17-1.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
17-6
OL-20748-01

Hide quick links:

Advertisement

Table of Contents
loading

This manual is also suitable for:

7609-s76137606-sCatalyst 6500 series7600 series

Table of Contents