TACACS+ Authentication Manager Help >> Operation Guide >> Device User Policy >> Authorization Command Configuration >> Shell Profile Configuration

Shell Profile Configuration

A shell profile controls the login behaviors of device users. To validate shell profiles that are configured in TAM, enable the authorization login function. With the authorization login function enabled, after a device user passes the identity authentication, TAM specifies a shell profile for the user, including the ACL, autorun command, privilege level, user-defined attributes, idle time and session lifetime.

Features

• Add Shell Profile
  
  Perform this task to add a shell profile.

  Procedure

  1. Click the User tab, and then select Device User Policy > Authorization Command > Shell Profiles from the navigation tree.
  2. Click Add.
  3. Enter a name for the shell profile. The name must be unique.
  4. Enter an ACL. The ACL is configured on the device, and specifies which device user IP addresses can log in to the device. Make sure the parameter is supported on the device.
  5. Select a privilege level. The privilege level determines the default command set. After a device user logs in to the device, the device automatically loads the command set according to the privilege level. The device user cannot see or execute the commands not in the command set. The privilege level range supported varies with device vendors. Make sure that the privilege level you select is within the range that the device supports.
  6. Enter the idle time. After a user logs in to the device, if the user does not execute any command in this period of time, the device logs off the user. Make sure the parameter is supported on the device.
  7. Enter the session lifetime. If the session lifetime expires, the user is forcibly logged off.
  8. Enter the auto run command. This command is automatically executed after a device user logs in to the device. Make sure the parameter is supported on the device.
  9. Add user-defined attributes. Add custom attributes as needed based on the user requirements and device capability. For example, add the user-defined attribute ftp-directory=flash:/ to represent the authorized FTP directory.
  10. Enter a description.
  11. Click OK.
• Modify Shell Profile
  
  Perform this task to modify a shell profile.

  Procedure

  1. Click the User tab, and then select Device User Policy > Authorization Command > Shell Profiles from the navigation tree.
  2. Click the icon of the shell profile that you want to modify.
  3. Modify the parameters as needed.
  4. Click OK.
• Delete Shell Profile
  
  Perform this task to delete a shell profile. Shell profiles that are used by authorization policies cannot be deleted.

  Procedure

  1. Click the User tab, and then select Device User Policy > Authorization Command > Shell Profiles from the navigation tree.
  2. Click the icon of the shell profile you want to delete.
     A confirmation dialog box appears.
  3. Click OK.