Change the username/password prompt with AAA

 

The TACACS+ protocol, introduced with the IOS AAA architecture, had great provisions for customizing the whole login process (user-defined banners, prompts …). Unfortunately, it never really took off, and most AAA solutions deployed today rely on RADIUS servers that cannot control the login process itself (the RADIUS server can only check the username/password pair for validity).
To change the login prompts when using RADIUS servers, use the aaa authentication [banner|fail-message|password-prompt|username-prompt] text configuration command. For example, to introduce meaningful prompts when using a one-time password solution, you could use something similar to this configuration:

aaa authentication banner #
Access to this router is protected with one-time passwords.

Send an e-mail to admin@nowhere.net if you need access.

#
aaa authentication fail-message #
Login failed. Wait at least 30 seconds and retry
#
aaa authentication password-prompt "Enter your PIN + one-time password:"
aaa authentication username-prompt "Enter your username:"

Note: the texts specified with the password-prompt and username-prompt options are one-line texts delimited with quotes; the parameters of the banner and fail-message options are multi-line texts delimited with any character.
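The delimiter rule in the note has a practical consequence: the chosen delimiter character must not occur inside the banner or fail-message text, or the message ends early. The following Python check is an added example, not part of the original post or of any Cisco tool. The function name parse_aaa_texts and both sample configurations are constructed for illustration, and the parser assumes the message ends at the first repeat of the delimiter.

```python
import re

CMD = re.compile(r"\s*aaa authentication "
                 r"(banner|fail-message|password-prompt|username-prompt)\s+(\S.*)$")

def parse_aaa_texts(config):
    """Return ({option: text}, [warnings]) for the four text commands."""
    texts, warnings = {}, []
    lines, i = config.splitlines(), 0
    while i < len(lines):
        m = CMD.match(lines[i])
        i += 1
        if not m:
            continue
        option, rest = m.groups()
        if option.endswith("-prompt"):
            texts[option] = rest.strip().strip('"')  # one-line, quoted
            continue
        # Multi-line text: the first character is the delimiter and the
        # text ends at the next occurrence of that same character.
        delim, body = rest[0], [rest[1:]]
        while delim not in body[-1]:
            if i >= len(lines):
                raise ValueError(f"{option}: closing {delim!r} not found")
            body.append(lines[i])
            i += 1
        body[-1], tail = body[-1].split(delim, 1)
        if tail.strip():
            warnings.append(f"{option}: not part of the message: {tail.strip()!r}")
        texts[option] = "\n".join(body).strip("\n")
    return texts, warnings

# Constructed sample input: the configuration shown in the post.
POST_CONFIG = """\
aaa authentication banner #
Access to this router is protected with one-time passwords.

Send an e-mail to admin@nowhere.net if you need access.

#
aaa authentication fail-message #
Login failed. Wait at least 30 seconds and retry
#
aaa authentication password-prompt "Enter your PIN + one-time password:"
aaa authentication username-prompt "Enter your username:"
"""

# Constructed sample: the delimiter also appears inside the banner text.
BAD_CONFIG = "aaa authentication banner #\nOpen ticket #42 for access.\n#\n"
```

Running parse_aaa_texts(BAD_CONFIG) returns the banner cut off at "Open ticket " plus one warning, which is the symptom to look for when a login banner appears truncated.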
