ACS authorization plugins + configuration

Hi,
there have been rumors that there is a plugin providing an API that allows you to authenticate a user with a given name/password
combination. I.e. the users do not necessarily need an Adobe account.
The rumor also says that this is somewhat related to Barnes & Noble's nook device...
All I found so far is
http://www.adobe.com/devnet/digitalpublishing/articles/barnes_noble_faq.html
Can someone tell me where to find more detailed information? In particular, how to download, install and configure that plugin
(if it exists). The interface to be implemented is called "PassHashInfo", but it cannot be found anywhere in the ACS' WAR or JAR
files.
Quote 1:
5.1   PasshashInfo Interface
The PasshashInfo Interface provides the mechanism for providing the encryption key for the document
encryption key during fulfillment when using Passhash based protection. The interface itself is a single function:
byte[] getPasshash(String transactionID, byte[] userID, byte[] distributorID) throws PasshashException;
The transactionID and distributorID are specified in the fulfillmentToken. The userID comes from the
fulfillmentRequest, which also contains the fulfillment token. Given these three pieces of information, it is
the responsibility of the ACS4 operator to determine the appropriate username and password to be used,
and to generate the encryption key. It is the joint responsibility of the Distributor and the ACS4 operator
to communicate the username and password to be used to access the content, prior to initiating the
fulfillment.
It is expected that the ACS4 operator will work with the distributor to retrieve the passhash to be used
from the distributor. The exact mechanism to be used for this is outside the scope of ACS4.
Quote 2:
9    Password-Based Document Protection
New in ACS 4.1 is the ability to use password-based encryption for protecting the document encryption
key, instead of the current Public key-based encryption tied to a specific Adobe DRM user. Since the
content is not tied to a particular Adobe DRM user, there is no activation required and therefore no limits
on the number of devices the content can be used on. Because of the lack of activation requirements,
neither returning contents (loans), nor consumable permissions are supported when using password-
based document protections.
This password-based encryption is different from the password security offered in the Acrobat file format,
in that it requires a username and password, it is compatible with ACS, and the resulting files cannot be
viewed with Adobe Acrobat or Adobe Reader.
Password-based document protection is also referred to as "Passhash". To issue content using Passhash
protection, you must create a DistributionRight for that content with usePasshash set to true, and supply
the encryption key to be used to the fulfillment service using the passhashInfo interface. To set up the
DistributionRights correctly, you can either use the adminConsole or directly call the
ManageDistributionRights admin API to set usePasshash to true for the DistributionRight. To configure
the fulfillment service to look for your custom class that implements the passhashInfo interface, in your
fulfillment configuration file, you will need to set the value of the
com.adobe.adept.fulfillment.passhashInterface
setting to be the name of your class. You will also need to
place your .jar file into a location that is in the library path for Tomcat. The Tomcat Libraries directory is
usually the most convenient for this. For more information on the passhashInfo interface, refer to the
Technical Reference.
Cheers
  Markus

Hi Vinod,
I noticed that you are creating several posts for the same things...
Please follow up on https://supportforums.cisco.com/thread/2053653 where I posted an answer for you.
HTH.
Tiago
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

Similar Messages

  • ACS 5.3 Configuring 802.1x

    Trying to configure 802.1x with ACS 5.3, have some general doubts about how to make it, this is what I got for the moment:
    ACS 5.3 = 192.168.240.28
    AD = 192.168.251.97
    Switch = 192.168.240.171
    IOS device config
    Already configured and running Device Administration using Tacacs, missing with Radius aaa commands:
    aaa group server tacacs+ TACACS_PLUS
    server 192.168.240.28
    aaa group server radius RADIUS_1x
    server 192.168.240.28 auth-port 1812 acct-port 1813
    aaa authentication login default group TACACS_PLUS
    aaa authentication login no_tacacs enable local
    aaa authentication enable default group RADIUS_1x
    aaa authentication dot1x default group RADIUS_1x
    aaa authorization config-commands
    aaa authorization exec no_tacacs local
    aaa authorization commands 15 TACACS_PLUS group tacacs+
    aaa authorization network default group RADIUS_1x
    aaa authorization auth-proxy default group RADIUS_1x
    aaa accounting send stop-record authentication failure
    aaa accounting update newinfo
    aaa accounting dot1x default start-stop group RADIUS_1x
    aaa accounting exec default start-stop group TACACS_PLUS
    aaa accounting network default start-stop group TACACS_PLUS
    aaa accounting connection default start-stop group TACACS_PLUS
    aaa accounting system default start-stop group RADIUS_1x
    tacacs-server host 192.168.240.28 port 49 key 7 104D0617040717180F05
    tacacs-server directed-request
    radius-server attribute 8 include-in-access-req
    radius-server host 192.168.240.28 auth-port 1812 acct-port 1813
    radius-server timeout 20
    radius-server key 7 094F410718151201080D
    radius-server vsa send authentication
    dot1x system-auth-control
    errdisable detect cause security-violation shutdown vlan
    errdisable recovery cause security-violation
    interface GigabitEthernet0/24
    switchport mode access
    switchport voice vlan 7
    dot1x pae authenticator
    dot1x port-control auto
    dot1x host-mode multi-host
    dot1x timeout quiet-period 15
    spanning-tree portfast
    spanning-tree bpduguard enable
    ACS 5.3 Configuration until now
    I have a document on how to configure this on ACS 4.2, but I have some problems trying to configure on ACS 5.3.
    I'll appreciate a lot any ideas that could help me on this.
    Regards,
    Juan Carlos

    Ok Carlos, I make it simple, just AD as condition and authorization profile, I tested with compliant client, and still receiving timeout, and Network Access Authorization still in 0, here is the debug:
    001250: Jan 19 18:40:58.028 GDL: AAA/BIND(0000002F): Bind i/f 
    001251: Jan 19 18:40:58.237 GDL: %AUTHMGR-5-START: Starting 'dot1x' for client (f04d.a2a2.a028) on Interface Gi0/24 AuditSessionID C0A8F0AB0000001101B6C743
    001252: Jan 19 18:41:00.007 GDL: %LINK-3-UPDOWN: Interface GigabitEthernet0/24, changed state to up
    001253: Jan 19 18:41:01.014 GDL: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/24, changed state to up
    001254: Jan 19 18:41:08.547 GDL: AAA/AUTHEN/8021X (0000002F): Pick method list 'default'
    001255: Jan 19 18:41:08.547 GDL: RADIUS/ENCODE(0000002F):Orig. component type = Dot1X
    001256: Jan 19 18:41:08.547 GDL: RADIUS(0000002F): Config NAS IP: 0.0.0.0
    001257: Jan 19 18:41:08.547 GDL: RADIUS(0000002F): Config NAS IPv6: ::
    001258: Jan 19 18:41:08.555 GDL: RADIUS/ENCODE(0000002F): acct_session_id: 37
    001259: Jan 19 18:41:08.555 GDL: RADIUS(0000002F): sending
    001260: Jan 19 18:41:08.555 GDL: RADIUS/ENCODE: Best Local IP-Address 192.168.240.171 for Radius-Server 192.168.240.28
    001261: Jan 19 18:41:08.555 GDL: RADIUS(0000002F): Send Access-Request to 192.168.240.28:1812 id 1645/27, len 246
    001262: Jan 19 18:41:08.555 GDL: RADIUS:  authenticator 27 15 50 22 ED AB FC 34 - F1 24 56 87 30 6F 7D F9
    001263: Jan 19 18:41:08.555 GDL: RADIUS:  User-Name           [1]   18  "juancarlos.arias"
    001264: Jan 19 18:41:08.555 GDL: RADIUS:  Service-Type        [6]   6   Framed                    [2]
    001265: Jan 19 18:41:08.555 GDL: RADIUS:  Vendor, Cisco       [26]  27 
    001266: Jan 19 18:41:08.555 GDL: RADIUS:   Cisco AVpair       [1]   21  "service-type=Framed"
    001267: Jan 19 18:41:08.555 GDL: RADIUS:  Framed-MTU          [12]  6   1500                     
    001268: Jan 19 18:41:08.555 GDL: RADIUS:  Called-Station-Id   [30]  19  "00-1C-0E-08-69-98"
    001269: Jan 19 18:41:08.555 GDL: RADIUS:  Calling-Station-Id  [31]  19  "F0-4D-A2-A2-A0-28"
    001270: Jan 19 18:41:08.555 GDL: RADIUS:  EAP-Message         [79]  23 
    001271: Jan 19 18:41:08.555 GDL: RADIUS:   02 01 00 15 01 6A 75 61 6E 63 61 72 6C 6F 73 2E 61 72 69 61 73  [ juancarlos.arias]
    001272: Jan 19 18:41:08.555 GDL: RADIUS:  Message-Authenticato[80]  18 
    001273: Jan 19 18:41:08.555 GDL: RADIUS:   E5 92 90 F9 39 F2 EA A9 E4 B2 C9 02 12 9D EA B0                 [ 9]
    001274: Jan 19 18:41:08.555 GDL: RADIUS:  EAP-Key-Name        [102] 2   *
    001275: Jan 19 18:41:08.555 GDL: RADIUS:  Vendor, Cisco       [26]  49 
    001276: Jan 19 18:41:08.555 GDL: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=C0A8F0AB0000001101B6C743"
    001277: Jan 19 18:41:08.555 GDL: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
    001278: Jan 19 18:41:08.555 GDL: RADIUS:  NAS-Port            [5]   6   50024                    
    001279: Jan 19 18:41:08.555 GDL: RADIUS:  NAS-Port-Id         [87]  21  "GigabitEthernet0/24"
    001280: Jan 19 18:41:08.555 GDL: RADIUS:  NAS-IP-Address      [4]   6   192.168.240.171          
    001281: Jan 19 18:41:08.555 GDL: RADIUS(0000002F): Sending a IPv4 Radius Packet
    001282: Jan 19 18:41:08.555 GDL: RADIUS(0000002F): Started 20 sec timeout
    001283: Jan 19 18:41:26.507 GDL: RADIUS(0000002F): Request timed out
    001284: Jan 19 18:41:26.507 GDL: RADIUS: Retransmit to (192.168.240.28:1812,1813) for id 1645/27
    001285: Jan 19 18:41:26.507 GDL: RADIUS(0000002F): Started 20 sec timeout
    Complete Report:
    aaa group server tacacs+ TACACS_PLUS
    server 192.168.240.28
    aaa group server radius RADIUS_1x
    server 192.168.240.28 auth-port 1812 acct-port 1813
    aaa authentication login default group TACACS_PLUS
    aaa authentication login no_tacacs enable local
    aaa authentication enable default group RADIUS_1x
    aaa authentication dot1x default group RADIUS_1x
    aaa authorization config-commands
    aaa authorization exec no_tacacs local
    aaa authorization commands 15 TACACS_PLUS group tacacs+
    aaa authorization network default group RADIUS_1x
    aaa authorization auth-proxy default group RADIUS_1x
    aaa accounting send stop-record authentication failure
    aaa accounting update newinfo
    aaa accounting dot1x default start-stop group RADIUS_1x
    aaa accounting exec default start-stop group TACACS_PLUS
    aaa accounting network default start-stop group TACACS_PLUS
    aaa accounting connection default start-stop group TACACS_PLUS
    aaa accounting system default start-stop group RADIUS_1x
    dot1x system-auth-control
    interface GigabitEthernet0/24
    switchport mode access
    switchport voice vlan 7
    authentication port-control auto
    authentication violation protect
    dot1x pae authenticator
    dot1x timeout quiet-period 15
    spanning-tree portfast
    spanning-tree bpduguard enable
    tacacs-server host 192.168.240.28 key 7 104D0617040717180F05
    tacacs-server directed-request
    radius-server attribute 8 include-in-access-req
    radius-server host 192.168.240.28 auth-port 1812 acct-port 1813 key 7 15110402053A2E372B32
    radius-server timeout 20
    radius-server key 7 0110090A5A1B031C224D
    radius-server vsa send authentication
    The compliant client should have access to Vlan 60.
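
A way to triage a debug like the one in the thread above, as an added example that is not part of the original posts: the script pairs each RADIUS request with its reply or with its timeouts and retransmits, so a server that never answers stands out. The second, answered exchange in the sample and the "Received from id" line format are assumptions made for contrast.

```python
import re

# Constructed sample. The first five lines are copied from the debug in the
# thread; the last two (id 1645/28, answered) are constructed, and the
# "Received from id" wording is an assumption about how the reply is logged.
SAMPLE_DEBUG = """\
001261: Jan 19 18:41:08.555 GDL: RADIUS(0000002F): Send Access-Request to 192.168.240.28:1812 id 1645/27, len 246
001282: Jan 19 18:41:08.555 GDL: RADIUS(0000002F): Started 20 sec timeout
001283: Jan 19 18:41:26.507 GDL: RADIUS(0000002F): Request timed out
001284: Jan 19 18:41:26.507 GDL: RADIUS: Retransmit to (192.168.240.28:1812,1813) for id 1645/27
001285: Jan 19 18:41:26.507 GDL: RADIUS(0000002F): Started 20 sec timeout
001300: Jan 19 18:45:00.100 GDL: RADIUS(00000030): Send Access-Request to 192.168.240.28:1812 id 1645/28, len 246
001301: Jan 19 18:45:00.140 GDL: RADIUS: Received from id 1645/28 192.168.240.28:1812, Access-Challenge, len 76
"""

SEND_RE = re.compile(
    r"RADIUS\((?P<sess>[0-9A-Fa-f]+)\): Send (?P<kind>[\w-]+) to "
    r"(?P<server>[\d.]+:\d+) id (?P<id>\d+/\d+)")
TIMEOUT_RE = re.compile(r"RADIUS\((?P<sess>[0-9A-Fa-f]+)\): Request timed out")
RETX_RE = re.compile(r"RADIUS: Retransmit to \([^)]*\) for id (?P<id>\d+/\d+)")
RECV_RE = re.compile(
    r"RADIUS: Received from id (?P<id>\d+/\d+) [\d.]+:\d+, (?P<kind>[\w-]+)")


def analyse(debug_text):
    """Return one record per RADIUS request id, in order of first appearance."""
    by_id = {}          # request id -> record (dicts keep insertion order)
    id_by_session = {}  # AAA session handle -> request id currently in flight
    for line in debug_text.splitlines():
        m = SEND_RE.search(line)
        if m:
            by_id[m["id"]] = {
                "id": m["id"], "session": m["sess"], "server": m["server"],
                "request": m["kind"], "timeouts": 0, "retransmits": 0,
                "reply": None,
            }
            id_by_session[m["sess"]] = m["id"]
            continue
        # Timeout lines carry only the session handle, not the request id.
        m = TIMEOUT_RE.search(line)
        if m and m["sess"] in id_by_session:
            by_id[id_by_session[m["sess"]]]["timeouts"] += 1
            continue
        m = RETX_RE.search(line)
        if m and m["id"] in by_id:
            by_id[m["id"]]["retransmits"] += 1
            continue
        m = RECV_RE.search(line)
        if m and m["id"] in by_id:
            by_id[m["id"]]["reply"] = m["kind"]
    return list(by_id.values())


def unanswered(records):
    """Requests that timed out at least once and never received a reply."""
    return [r for r in records if r["reply"] is None and r["timeouts"] > 0]


if __name__ == "__main__":
    for rec in analyse(SAMPLE_DEBUG):
        state = rec["reply"] or "NO REPLY"
        print(f'{rec["id"]} -> {rec["server"]}: {state}, '
              f'{rec["timeouts"]} timeout(s), {rec["retransmits"]} retransmit(s)')
```

A request that is only ever retransmitted means no RADIUS reply reached the switch; the debug alone does not show whether the server discarded the request or the packet was lost on the path.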

  • Juniper SSG and Cisco ACS v5.x Configuration

    I searched for a long time unsuccessfully trying to find a resolution to my SSG320M and Cisco ACS v5.x TACACS dilemma.  I finally got it working in my network, so I'm posting the resolution here in case anyone else is looking.
    Configure the Juniper (CLI)
      1. Add the Cisco ACS and TACACS+ configuration
         set auth-server CiscoACSv5 id 1
         set auth-server CiscoACSv5 server-name 192.168.1.100
         set auth-server CiscoACSv5 account-type admin
         set auth-server CiscoACSv5 type tacacs
         set auth-server CiscoACSv5 tacacs secret CiscoACSv5
         set auth-server CiscoACSv5 tacacs port 49
         set admin auth server CiscoACSv5
         set admin auth remote primary
         set admin auth remote root
         set admin privilege get-external
    Configure the Cisco ACS v5.x (GUI)
      1. Navigate to Policy Elements > Authorization and Permissions > Device Administration > Shell Profiles
            Create the Juniper Shell Profile.
            Click the [Create] button at the bottom of the page
                    Select the General tab
                            Name:    Juniper
                            Description:  Custom Attributes for Juniper SSG320M
                    Select the Custom Attributes tab
                        Add the vsys attribute:
                            Attribute:                vsys
                            Requirement:       Mandatory
                            Value:                    root
                            Click the [Add^] button above the Attribute field
                        Add the privilege attribute:
                            Attribute:                privilege
                            Requirement:       Mandatory
                            Value:                    root
                                    Note: you can also use 'read-write' but then local admin doesn't work correctly
                            Click the [Add^] button above the Attribute field
                    Click the [Submit] button at the bottom of the page
      2. Navigate to Access Policies > Access Services > Default Device Admin > Authorization
            Create the Juniper Authorization Policy and filter by Device IP Address.
            Click the [Customize] button at the bottom Right of the page
                    Under Customize Conditions, select Device IP Address from the left window
                            Click the [>] button to add it
                    Click the [OK] button to close the window
                    Click the [Create] button at the bottom of the page to create a new rule
                            Under General, name the new rule Juniper, and ensure it is Enabled
                            Under Conditions, check the box next to Device IP Address
                                    Enter the ip address of the Juniper (192.168.1.100)
                            Under Results, click the [Select] button next to the Shell Profile field
                                    Select 'Juniper' and click the [OK] button
                            Under Results, click the [Select] button below the Command Sets (if used) field
                                    Select 'Permit All' and ensure all other boxes are UNCHECKED
                            Click the [OK] button to close the window
                    Click the [OK] button at the bottom of the page to close the window
                    Check the box next to the Juniper policy, then move the policy to the top of the list
                    Click the [Save Changes] button at the bottom of the page
      3. Log in to the Juniper CLI and GUI, and attempt to change something to verify privilege level.

    Cisco Prime LMS is not designed to manage appliances like the ACS. ACS is not on the LMS supported device list and I would doubt that it would be as LMS's functions are mostly not applicable to the appliance or software running on it.
    You can use ACS as an authentication source for LMS, but authorization is still role-based according to the local accounts on the LMS server.

  • AM calls to LDAP No plugins configured for this operation

    Hi All,
    I am getting the following error when creating a user using AM SDK calls. Can someone shed some light here.
    We are using SUN JES 2005Q4, AM 7.0 Patch 5.
    Thanks
    Bala
    [#|2007-11-02T11:12:09.615-0500|WARNING|sun-appserver-ee8.1_02|javax.enterprise.system.stream.err|_ThreadID=13;|
    Message:No plugins configured for this operation
    at com.sun.identity.idm.server.IdServicesImpl.create(IdServicesImpl.java:177)
    at com.sun.identity.idm.AMIdentityRepository.createIdentity(AMIdentityRepository.java:246)
    at gov.research.core.eauth.action.SSOUtilities.createUser(SSOUtilities.java:197)
    at gov.research.core.eauth.action.SAMLClientNSFAction.execute(SAMLClientNSFAction.java:99)
    at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
    at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
    at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
    at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:747)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:249)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
    at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:282)
    at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:257)
    at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
    at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:161)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:263)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
    at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:225)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:173)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:933)
    at com.sun.enterprise.web.connector.httpservice.HttpServiceProcessor.process(HttpServiceProcessor.java:226)
    at com.sun.enterprise.web.HttpServiceWebContainer.service(HttpServiceWebContainer.java:2071)
    |#]

    Yes, I am using JSF 1.2 version.
    I have included the listener tag in web.xml. But still I
    am getting the same error.
    Sorry, I didn't get a couple of things that you explained
    about MyFaces.
    Could you explain more elaborately?

    JBoss comes with MyFaces as its JSF implementation. If you wish to use JSF 1.2, you need to uninstall MyFaces and install Sun's RI of JSF (or another one if you prefer). It is not hard to do, see the JBoss documentation:
    http://wiki.jboss.org/wiki/Wiki.jsp?page=JBossWithIntegratedMyFaces

  • SaveBeforeExit plugin configuration

    Hi all,
    I need a help with SaveBeforeExit plugin configuration.
    My scenario:
    I have a tabular form where one column is defined as popup LOV. I would like to use a SaveBeforeExit plugin to display a warning message when there is some unsaved data on the page.
    I use a jQuery selector as "Disable Warning Selector" to disable the warning message when something is changed in existing row and user clicks on LOV arrow button (this works).
    table.report-standard a
    But this approach does not work when the new row is created. When I create a new row and put some data to some column and then click on LOV arrow button then the warning message is displayed. I have also tried to change the event scope of dynamic action from Static to Dynamic, but without success.
    Could you please help me how to solve this issue?
    My test appl..
    www.oracle.apex.com
    username: [email protected]
    passwd: kurintest
    appl: 71199
    page: 2
    As browser I use IE 8.
    Thanks in advance!
    Jiri

    Since i have an IE8 here i can reproduce your issue. Works in FF without issues. I've been looking at it for a while, but i'm honestly getting so enormously frustrated by the crap that is called IE8. Debugging is such, SUCH, a pain. Even with the dev console open i'm not getting debug from apex.debug. The row that is added by "Add row" is not present in the pathetic piece of code that ie8 pretends is a DOM inspector. The console's inability to show objects. Sigh.
    I can only guess it has something to do with no warning disable being run on the newly added row (and anchor tag). Not sure if this is a "bug" in the plugin or not.

  • Authorize plugin notify, on connection timeout + remote function execution

    When a client application stops the stream I normally get an
    E_STOP notify. But if a client dies due to network outage or the
    client computer dies (or something other unforeseen that doesn't give
    a FIN/RST on the TCP connection), then it seems there is no way to
    get a notification about this..
    Or have I missed something?
    If not, that is a big feature request for us, and probably
    other people developing pay-per-view-stuff..
    Also, is there some way to catch remote executions? Ie if my
    client calls a function on my SSAS, can I catch that invocation in
    my authorize module somehow? (Or in some other way get trigger some
    code in my plugin, when a client calls a function)
    Is there somewhere on the adobe site one can submit feature
    requests to FMIS?
    Thanks!

    Hi, thanks for your answer!
    Yes, that would be one solution that I've thought of.. But
    then the question is how to interconnect SSAS/remote events with
    the authorization plugin..
    The only thing i've found is the addNotifyAction on
    IFmsAuthEvent that allows me to call a SSAS function from my
    plugin (when I process an actual event). But not the other way
    around (dispatching an authorize/notify event in my plugin, from
    SSAS) as far as I've seen...
    I guess if I implement the server pinging feature, and do a
    disconnect, i should get a E_DISCONNECT that I can use, so that
    might be a (very ugly) solution.
    Okay so I tried that now, with the following code:
    application.onAppStart = function()
    {
        // Ping all connected clients every 30 seconds
        setInterval(application.pingAll, 30000);
    };
    Client.prototype.onStatus = function(info)
    {
        trace("client "+this.id+ "/"+this.ip+" onStatus with "+info.code+", "+ info.level +": " +info.details);
    };
    Client.prototype.onResult = function(info)
    {
        trace("client "+this.id+ "/"+this.ip+" onResult with "+info);
    };
    application.pingAll = function()
    {
        trace("Pinging "+application.clients.length+" clients");
        for (var i = 0; i < application.clients.length; i++)
        {
            var c = application.clients[ i ];
            // The client object is passed as the result object, so its
            // onResult/onStatus handlers above receive the outcome of the call
            var r = c.call("ping", c);
            trace("Pinging " + c.id + "/"+c.ip+ ", result "+r);
        }
    };
    The result of this was, when pinging a client that was alive
    I got "NetConnection.Call.Failed" immediately, but that was
    expected since I haven't implemented the ping function in my client.
    So far so good.. Then I started another connection/stream on a
    laptop, and pulled the plug.. A while later it tried to ping.. No
    call to onStatus nor onResult.. waited a bit, after 5 minutes still
    no call to onResult??.. return value from c.call was always true,
    but after around 6-7 minutes, it started to return false instead.
    But no call to onResult..
    To me this seems like a bug? Or do I have to enable timeouts
    or something?
    I do have <AutoCloseIdleClients enable="true"> (with
    60s check interval and 300 max idle) in my config, but still it
    seems that the client object is alive in application.clients way
    longer than 5 minutes..
    Seems Adobe got a few quirks to sort out?
    Thanks for any help or input!

  • ACS authorization fail

    dear all,
    When i am accessing one of my aaa client ,
    which is getting authenticated from ACS Server 4.2
    it is showing as Authorization failure, what could be the issue?
    Configuration on device & server side is proper.

    Hi,
    Could you provide the aaa config part from the device? Along with this, please mention the protocol which you are using (Radius/Tacacs)?
    If you are using Tacacs, make sure under the group setup, you have checked "shell" and under the privilege level, entered the privilege level which the user should be assigned.
    Hope this helps
    Kush

  • ACS authorization for copy SCP

    Hi,
    I configured the router to authorize all copy commands. Under ACS I need to allow only copy run: start: and Copy run scp: When I added under arguments:
    permit run: startup:
    permit run: scp:
    it works fine for first one but for scp it will not.
    When I checked the ACS under failed attempts, I found the ACS will not see any scp arguments. So to allow scp I should add:
    permit running <cr>
    which will allow all copies from running to any destination (for example tftp). Can anyone advise how I can restrict the copy commands for:
    run startup
    run scp
    thanks

    Maybe you have an error in a few commands in the Shell command authorization set. Verify the complete & correct syntax of the command from the device and then configure it in ACS.

  • ACS Authorization

    I'd like to configure shell authorization sets in ACS for Routers and switches .In this scenario, the users are able to use selective commands (configure terminal and to shut and no shut the interface only ) how can i do that on ACS
    I tried the following but it doesn't work
    configure permit terminal
    interface permit shutdown
    permit no shtdown
    when i tested i can use any command under the interface configuration mode but i'd like to restrict it to shut and no shut only

    Steve,
    Did you resolve this issue??? I have configured shell authorization on the ACS and want to allow certain users to access conf t but limit their commands after this. When I do a shell set that includes 'configure permit terminal' there does not appear to be anyway to control the configuration commands. Access to all configuration is granted.
    Any guidance would be appreciated.
    Dean

  • ACS authorization query

    Hi,
    I would like to know what are the configurations required in Cisco ACS for authorization.
    I have done the foll configurations in the switch.
    aaa authorization config-commands
    aaa authorization exec default group tacacs+ local
    radius-server host 10.240.252.247
    radius-server key greenland.123
    Thanks.
    Rgds.,
    Sack

    Hi Narayan,
    Sorry, I pasted the wrong configurations in the forum. Actual configurations in the device are as follows:
    aaa authorization config-commands
    aaa authorization exec default group radius local
    radius-server host 10.240.252.247
    radius-server key xxx
    I would like to know what are the configurations required in the ACS server with respect to authorization as we are using radius. Do we need to add anything else apart from adding the client in ACS?
    Thanks.
    Rgds.,
    Sachin

  • Apache2.2 Plugin configuration issue with Weblogic 9.2

    Hi All,
    We are trying to configure apache plugin for weblogic 9.2 (Apache Proxying for Weblogic) in Solaris SPARC. When we are testing the httpd.conf configuration using apachectl configtest we are getting the following error.
    httpd: Syntax error on line 80 of /data/httpserv/apache-2.2.10/conf/httpd.conf: Cannot load /data/httpserv/apache-2.2.10/modules/mod_wl_22.so into server: ld.so.1: httpd: fatal: /data/httpserv/apache-2.2.10/modules/mod_wl_22.so: wrong ELF class: ELFCLASS32
    We were using the mod_wl_22.so file provided for Solaris/SPARC in the link mentioned below.
    http://download.oracle.com/otn/bea/weblogic/server103/server103_apacheplugins.zip
    Apache 2.2.10 installation that we are using is a 64-bit version. It seems mod_wl_22.so provided in the above link for Solaris/SPARC is a 32-bit version. Is it possible to get a 64-bit version of this library?
    Anybody has worked on same/similar kind of issues? Is there any workaround, for this?
    Input/thoughts from anyone is highly appreciated

    Hello, I'm not an expert at configuring Apache and WebLogic servers. Hopefully someone else who does know what they are doing will reply to your question.
    I found your question because I am also working on an Apache / WebLogic install for an Ariba installation (in Windows 7).
    However I did support a configuration of WebLogic on Solaris with Apache. I remember that the guy who did the Apache install mentioned that Apache needed to be compiled correctly - below is what he sent:
    Apache server compilation options:
    ./configure --prefix=/usr/local/apache_2.0.63 --enable-mods-shared=all --enable-ssl=shared --enable-ssl --with-ssl=/usr/local/ssl --enable-proxy --enable-proxy-connect --enable-proxy-http --with-mpm=worker
    I am still looking into the differences between the plugins (mod 22 so vs mod 20 so). Navigating the Oracle download options can be bewildering. I found the link to download a full zip file of plugins (below).
    Oracle WebLogic Server Web Server Plugins 1.1
    http://www.oracle.com/technetwork/middleware/ias/downloads/wls-plugins-096117.html
    I clicked on "all versions."
    Does the WLSPlugin1.1-64bitApache2.2-solaris-sparc.zip contain what you need?
    Great luck to you!
    -Tom Tobey

  • Cash book -FBCJ authorization for configuration of layout - need help

    Hi All,
    We are facing problem that our end users who all maintaining the cash book are all keep changing the alv layout by clicking the configuration button, I need to control this activities....
    Regards
    Krishnamoorthy T

    Hi Krishnamoorthy,
    Please arrest the authorization for all the end users and please go to the field status and make the field suppressed.
    Warm Regards,
    Sivakumar Sathiaymoorthy

  • What's the best way to clone to another Mac with the same system id so I do not have to re-authorize plugins/programs?

    I was told in a different thread that cloning is my answer for my problem.  Once learning that, I checked around and saw people suggesting Super Duper over the Disk Utility option, saying that I will not have to re-authorize my programs.  That it's the easiest way to clone one computer to the next without the hassle of having to reauthorize all my programs and plugins.  Is this true?

    Clones are clones. SuperDuper does nothing special that Disk Utility does not do.
    Clone using Restore Option of Disk Utility
    Open Disk Utility from the Utilities folder.
    Select the destination volume from the left side list.
    Click on the Restore tab in the DU main window.
    Check the box labeled Erase destination.
    Select the destination volume from the left side list and drag it to the Destination entry field.
    Select the source volume from the left side list and drag it to the Source entry field.
    Double-check you got it right, then click on the Restore button.
    Destination means the new computer. Source means the old computer.
    You can connect the two via Firewire cable if both computers have Firewire ports. If not, then you will need to use an external hard drive as an intermediary. Clone the old computer's drive to the external drive. Then restore the clone from the external drive to the drive in the new computer.
    Restoring the clone simply involves switching the Source and Destination.

  • Web Plugin Configuration

    Can anyone help?
    I have a problem configuring the weblogin from
    WebServer 6.1 to SJAS7.0. The following error
    message is shown:
    line 25, column 50: HTTP3258: Error processing obj.conf line 25: HTTP2212: Directives must have at least one parameter
    I have modified the following config files in the web server;
    please advise.
    magnus.conf
    Init fn="load-modules" shlib="/APP/webserver61/plugins/passthrough/bin/libpassthrough.so" funcs="init-passthro
    ugh,auth-passthrough,check-passthrough,service-passthrough" NativeThread="no"
    Init fn="init-passthrough"
    obj.conf
    <Object name="passthrough">
    ObjectType fn="force-type" type="magnus-internal/passthrough"
    PathCheck fn="deny-existence" path="*/WEB-INF/*"
    Service type="magnus-internal/passthrough" fn="service-passthrough"
    servers="http://localhost:4830"
    Error reason="Bad Gateway" fn="send-error" uri="/APP/webserver61/docs/badgateway.html"
    </Object>

    In obj.conf, is each of the lines beginning with upper case letters on a new line? i.e. it seems like servers="http://localhost:4830" is on a new line. It should not be. Make sure your configuration looks like
    <Object name="passthrough">
    ObjectType fn="force-type" type="magnus-internal/passthrough"
    PathCheck fn="deny-existence" path="*/WEB-INF/*"
    Service type="magnus-internal/passthrough" fn="service-passthrough" servers="http://localhost:4830"
    Error reason="Bad Gateway" fn="send-error" uri="/APP/webserver61/docs/badgateway.html"
    </Object>
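The check suggested in the answer above can be automated. The following is an added example, not part of the original thread and not Sun's parser: it flags lines inside an `<Object>` block that would be read as a directive with no parameters, which is what the HTTP2212 message reports. The function name `lint_obj_conf` and the rule that indented lines are skipped are assumptions of this sketch.

```python
import re

# Constructed sample reproducing the obj.conf layout from the question,
# where servers="..." ended up on a line of its own.
BROKEN_OBJ_CONF = '''<Object name="passthrough">
ObjectType fn="force-type" type="magnus-internal/passthrough"
PathCheck fn="deny-existence" path="*/WEB-INF/*"
Service type="magnus-internal/passthrough" fn="service-passthrough"
servers="http://localhost:4830"
Error reason="Bad Gateway" fn="send-error" uri="/APP/webserver61/docs/badgateway.html"
</Object>
'''

PARAM = re.compile(r'^[\w-]+=("[^"]*"|\S+)$')   # name="value" or name=value
TOKEN = re.compile(r'[\w-]+="[^"]*"|\S+')        # keeps quoted values whole


def lint_obj_conf(text):
    """Return (line_no, problem) for lines that cannot parse as a directive."""
    findings, depth = [], 0
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if line.startswith('</'):
            depth -= 1
            continue
        if line.startswith('<'):
            depth += 1
            continue
        if depth < 1 or raw[0].isspace():
            continue  # assumption: this sketch does not judge indented lines
        tokens = TOKEN.findall(line)
        head, params = tokens[0], tokens[1:]
        if PARAM.match(head):
            name = head.split('=', 1)[0]
            findings.append((no, 'orphaned parameter "%s": join it to the '
                                 'directive on the previous line' % name))
        elif not params:
            findings.append((no, 'directive %s has no parameters' % head))
        elif not any(p.startswith('fn=') for p in params):
            findings.append((no, 'directive %s has no fn= parameter' % head))
    return findings


if __name__ == '__main__':
    for line_no, problem in lint_obj_conf(BROKEN_OBJ_CONF):
        print('line %d: %s' % (line_no, problem))
```

Run against the real file, the reported line number can be compared with the one in the server's error message (line 25 in the question).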

  • Apache Plugin configuration

    Hi,
    I have an Apache in front of a WebLogic cluster;
    what would be the correct configuration so that every hit Apache receives is passed to the cluster (= one of the instances)?
    (Probably a basic question, but I'm having some kind of a blackout :-)
    I tried something like this but it doesn't work ...
    <IfModule mod_weblogic.c>
    WebLogicCluster 1.1.1.1:7001,1.1.1.1:7003
    MatchExpression *
    ConnectTimeoutSecs 40
    WLCookieName jsessionid
    KeepAliveEnabled ON
    </IfModule>
    ThanX

    Hmmm maybe I have been misleading myself...
    The result was the same as before so I'll have to start doubting my tests.
    The plugin log seems to indicate the request was passed to weblogic,
    but the access logs I had activated on weblogic reflect no entries ..
    I must have configured something wrong.
    PS tested a page that doesn't exist, since there is no content yet in Weblogic
    Mon Apr 19 15:14:14 2010 <1922512716828251> ap_proxy: isThreaded set to -1
    Mon Apr 19 15:14:14 2010 <1922512716828251> ap_proxy: mpm doesn't support threads; assigned dummy memory to timer thread
    Mon Apr 19 15:14:14 2010 <1922512716828542>
    ================New Request: [GET /GETEst.html HTTP/1.1] =================
    Mon Apr 19 15:14:14 2010 <1922512716828542> INFO: SSL is not configured
    Mon Apr 19 15:14:14 2010 <1922512716828542> Using Uri /GETEst.html
    Mon Apr 19 15:14:14 2010 <1922512716828542> After trimming path: '/GETEst.html'
    Mon Apr 19 15:14:14 2010 <1922512716828542> The final request string is '/GETEst.html'
    Mon Apr 19 15:14:14 2010 <1922512716828542> Host extracted from serverlist is [1.1.1.1]
    Mon Apr 19 15:14:14 2010 <1922512716828542> Host extracted from serverlist is [1.1.1.1]
    Mon Apr 19 15:14:14 2010 <1922512716828542> Initializing lastIndex=1 for a list of length=2
    Mon Apr 19 15:14:14 2010 <1922512716828542> getListNode: created a new server node: id='1.1.1.1:7001,1.1.1.1:7003' server_name='1.1.1.1', port='80'
    Mon Apr 19 15:14:14 2010 <1922512716828542> attempt #0 out of a max of 20
    Mon Apr 19 15:14:14 2010 <1922512716828542> Trying a pooled connection for '1.1.1.1/7003/7003'
    Mon Apr 19 15:14:14 2010 <1922512716828542> getPooledConn: No more connections in the pool for Host[1.1.1.1] Port[7003] SecurePort[7003]
    Mon Apr 19 15:14:14 2010 <1922512716828542> general list: trying connect to '1.1.1.1'/7003/7003 at line 2630 for '/GETEst.html'
    Mon Apr 19 15:14:14 2010 <1922512716828542> INFO: New NON-SSL URL
    Mon Apr 19 15:14:14 2010 <1922512716828542> Connect returns -1, and error no set to 115, msg 'Operación en curso'
    Mon Apr 19 15:14:14 2010 <1922512716828542> EINPROGRESS in connect() - selecting
    Mon Apr 19 15:14:14 2010 <1922512716828542> Local Port of the socket is 45567
    Mon Apr 19 15:14:14 2010 <1922512716828542> Remote Host 1.1.1.1 Remote Port 7003
    Mon Apr 19 15:14:14 2010 <1922512716828542> general list: created a new connection to '1.1.1.1'/7003 for '/GETEst.html', Local port:45567
    Mon Apr 19 15:14:14 2010 <1922512716828542> URL::parseHeaders: CompleteStatusLine set to [HTTP/1.1 404 Not Found]
    Mon Apr 19 15:14:14 2010 <1922512716828542> URL::parseHeaders: StatusLine set to [404 Not Found]
    Mon Apr 19 15:14:14 2010 <1922512716828542> parsed all headers OK
    Mon Apr 19 15:14:14 2010 <1922512716828542> sendResponse() : r->status = '404'
    Mon Apr 19 15:14:14 2010 <1922512716828542> Free old srvrList, id=[1.1.1.1:7001,1.1.1.1:7003], server_name=[1.1.1.1], server_port=[80]
    Mon Apr 19 15:14:14 2010 <1922512716828542> Parsing cluster list: -141471731!-1408044506!7003!-1|-92253949!-1408044506!7001!-1
    Mon Apr 19 15:14:14 2010 <1922512716828542> parseJVMID: Parsing JVMID '-141471731!-1408044506!7003!-1|-92253949!-1408044506!7001!-1'
    Mon Apr 19 15:14:14 2010 <1922512716828542> parseJVMID: Actually parsing '-141471731!-1408044506!7003!-1'
    Mon Apr 19 15:14:14 2010 <1922512716828542> ServerInfo struct for JVMID '-141471731' populated
    Server Details are:
    OrigHostInfo [1.1.1.1]
    isOrigHostInfoDNS [0]
    Host [1.1.1.1]
    Port [7003]
    SecurePort [0]
    Mon Apr 19 15:14:14 2010 <1922512716828542> parseJVMID: Parsing JVMID '-92253949!-1408044506!7001!-1'
    Mon Apr 19 15:14:14 2010 <1922512716828542> parseJVMID: Actually parsing '-92253949!-1408044506!7001!-1'
    Mon Apr 19 15:14:14 2010 <1922512716828542> ServerInfo struct for JVMID '-92253949' populated
    Server Details are:
    OrigHostInfo [1.1.1.1]
    isOrigHostInfoDNS [0]
    Host [1.1.1.1]
    Port [7001]
    SecurePort [0]
    Mon Apr 19 15:14:14 2010 <1922512716828542> Initializing lastIndex=1 for a list of length=2
    Mon Apr 19 15:14:14 2010 <1922512716828542> ### Got a new Server List of length 2 ###
    Mon Apr 19 15:14:14 2010 <1922512716828542> ###Response### : Srvr# [1] = [1.1.1.1:7003:0]
    Mon Apr 19 15:14:14 2010 <1922512716828542> ###Response### : Srvr# [2] = [1.1.1.1:7001:0]
    Mon Apr 19 15:14:14 2010 <1922512716828542> canRecycle: conn=1 status=404 isKA=0 clen=1214 isCTE=0
    Mon Apr 19 15:14:14 2010 <1922512716828542> closeConn: URL.canRecycle() returns false, deleting URL '1.1.1.1/7003'
    Mon Apr 19 15:14:14 2010 <1922512716828542> request [GETEst.html] processed sucessfully..................
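A plugin debug log like the one above can be reduced to one record per request, giving the URI, the backend the plugin connected to and the status line it parsed, which is the tuple to look for in that backend's access log. This is an added example, not part of the original post; it handles only the line shapes visible in that log, and the function names are assumptions.

```python
import re

# Lines excerpted from the plugin log in the post above.
SAMPLE_LOG = """\
Mon Apr 19 15:14:14 2010 <1922512716828542>
================New Request: [GET /GETEst.html HTTP/1.1] =================
Mon Apr 19 15:14:14 2010 <1922512716828542> Using Uri /GETEst.html
Mon Apr 19 15:14:14 2010 <1922512716828542> general list: created a new connection to '1.1.1.1'/7003 for '/GETEst.html', Local port:45567
Mon Apr 19 15:14:14 2010 <1922512716828542> URL::parseHeaders: StatusLine set to [404 Not Found]
Mon Apr 19 15:14:14 2010 <1922512716828542> sendResponse() : r->status = '404'
"""

STAMPED = re.compile(
    r'^\w{3} \w{3} +\d+ [\d:]+ \d{4} <(?P<rid>\d+)>\s*(?P<msg>.*)$')
NEW_REQ = re.compile(r'New Request: \[(\w+) (\S+) ')
CONNECT = re.compile(r"created a new connection to '([^']+)'/(\d+)")
STATUS = re.compile(r'StatusLine set to \[(\d{3})')


def summarize(log_text):
    """Group lines by the <id> tag and extract URI, backend and status."""
    records, current = {}, None
    for line in log_text.splitlines():
        stamped = STAMPED.match(line)
        if stamped:
            current = records.setdefault(stamped['rid'], {
                'rid': stamped['rid'], 'method': None, 'uri': None,
                'backend': None, 'status': None})
            msg = stamped['msg']
        elif current is not None:
            msg = line  # unstamped line: attribute it to the previous id
        else:
            continue
        if (m := NEW_REQ.search(msg)):
            current['method'], current['uri'] = m.group(1), m.group(2)
        elif (m := CONNECT.search(msg)):
            current['backend'] = '%s:%s' % (m.group(1), m.group(2))
        elif (m := STATUS.search(msg)):
            current['status'] = int(m.group(1))
    return list(records.values())


def answered_by_backend(record):
    """True when a status line was parsed after a backend connection opened."""
    return record['backend'] is not None and record['status'] is not None


if __name__ == '__main__':
    for rec in summarize(SAMPLE_LOG):
        print(rec, 'backend answered:', answered_by_backend(rec))
```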
