To configure the Cisco IOS software to check the local user database for authentication before attempting another form of authentication, use the aaa authentication local-override global configuration command. Use the no form of this command to disable the override.
aaa authentication local-override
no aaa authentication local-override
This command has no arguments or keywords.
Override is disabled.
Global configuration
| Release | Modification | 10.3 | This command was introduced. |
|---|
This command is useful when you want to configure an override to the normal authentication process for certain personnel such as system administrators.
When this override is set, the user is always prompted for the username. The system then checks to see if the entered username corresponds to a local account. If the username is not found in the local database, login proceeds with the methods configured with other aaa commands (such as aaa authentication login ). Note that when using this command the Username: prompt is fixed as the first prompt.
The following example enables AAA authentication override:
aaa authentication local-override
| Command | Description |
|---|---|
| aaa authentication arap | Enables an AAA authentication method for ARA using TACACS+. |
| aaa authentication enable default | Enables AAA authentication to determine if a user can access the privileged command level. |
| aaa authentication login | Sets AAA authentication at login. |
| aaa authentication ppp | Specifies one or more AAA authentication method for use on serial interfaces running PPP. |
| aaa new-model | Enables the AAA access control model. |
Printed for apswan@ctr.ap.nic.in on Wed Mar 5 22:32:57 PST 2003
All material in this document copyright 2000 Cisco Systems, Inc. All rights reserved. No material may be reproduced or distributed without written permission of Cisco Systems, Inc.