Weblogic 103 Authentication & Authorization using extenal openldap

Similar Messages

• Authentication/Authorization across Apache/Weblogic?

  Hello,
  We are considering a setup with Apache handling Servlet/JSP and WLS for EJB/etc.
  I heard WLS has some plug-in for Apache. Does this plug-in enable Authentication/Authorization
  with my (custom RDBMS-based) security realm in WLS? Any gotcha? Any live experience?
  TIA
  chuck

  This is what I did. My environment is openldap, weblogic 10.3 on a windows machine. Still having trouble
  dn: cn=fd_user1,ou=people,dc=example,dc=com
  objectClass: person
  cn: fd_user1
  dn: cn=FD,ou=groups,dc=example,dc=com
  objectClass: groupOfNames
  cn: FD
  member: cn=fd_user1,ou=people,dc=example,dc=com
  Here is my weblogic.xml entries
  <wls:security-role-assignment>
  <wls:role-name>FD</wls:role-name>
  <wls:externally-defined/>
  </wls:security-role-assignment>
  My web.xml
  <security-constraint>
  <display-name>Example Security Constraint</display-name>
  <web-resource-collection>
  <web-resource-name>SecuredArea</web-resource-name>
  <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>FD</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>myrealm</realm-name>
  <form-login-config>
  <form-login-page>/login.jsp</form-login-page>
  <form-error-page>/login.jsp</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <role-name>FD</role-name>
  </security-role>
  Inside the login.jsp I do have the j_security_check as the action parameter value. I am able to view the ldap users in the admin console too. Still not able to access the resource. I am in the process of debugging the ldap messages on the openldap console.
  Thanks

• Ask for help with form based authentication & authorization

  Hi:
  I encountered the following problem when I tried the form based authentication & authorization (see the attached part of the config files, web.xml, weblogic.xml & weblogic.properties)
  1. authorization seems not invoked against the rules specfied, it doesn't go the login error page as long as the user/pwd match, even though the user does not have the necessary role
  in the example below, user3 should be denied to access the signin page, but seems no login error page returned, actually I never see any page / error message which complain about the authorization / access control error
  2. after authenticate correctly, always get redirected to the / (context root) url, instead of the url prior the login page, for e.g., signin page
  Any idea ?
  Thanks in advance.
  HaiMing
  attach config files
  web.xml
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>MySecureBit1</web-resource-name>
  <description>no description</description>
  <url-pattern>/control/signin</url-pattern>
  <http-method>POST</http-method>
  <http-method>GET</http-method>
  </web-resource-collection>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>default</realm-name>
  <form-login-config>
  <form-login-page>/control/formbasedlogin</form-login-page>
  <form-error-page>/control/formbasedloginerror</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <description>the customer role</description>
  <role-name>customer</role-name>
  </security-role>
  weblogic.xml
  <security-role-assignment>
  <role-name>
  customer
  </role-name>
  <principal-name>
  customer_group
  </security-role-assignment>
  weblogic.properties
  weblogic.password.user1=user1pass
  weblogic.password.user2=user2pass
  weblogic.password.user3=user3pass
  weblogic.security.group.customer_group=user1,user2

  Hi, Paul:
  Thanks a lot for your reply.
  Firstly let me just correct a little in the attachment I put previously, I think I missed following lines :
  <auth-constraint>
  <description>no description</description>
  <role-name>customer</role-name>
  </auth-constraint>
  So, user1 & user2 are in the customer group, but user3 not, and /control/singin is protected by this security constraint, as a result, when anyone click the link to /control/singin, he was led to the login page, if he tries to login as user1 & user2, he should pass & led to original page (in this case /control/singin, and my code's logic, once /control/signin is used, means that he already login successfully & redirected to the login success page), but if he tries to login as user3, he should only pass the authentication check, but fail the authorization check, and led to login error page.
  What not happen are :
  1. user1 & user2 pass, but redirect to /
  2. user3 also pass, because I see that debug message shows also get redirected to /, instead of login error page
  (login error page will be displayed, only if I try to login as a user with either wrong userid, or wrong password)
  3. one more thing I notice after I first time post the message, the container does not remember the principal, after 1. is done, not even for a while
  And the similar configuration works under Tomcat 3.2.1, for all 3. mentioned above.
  Any idea ?
  HaiMing
  "Paul Patrick" <[email protected]> wrote:
  If I understand what your trying to do, everyone should get access to the
  login page since roles are not
  associated with principals until after they authenticate. If I follow what
  you specified in the XML files,
  authenticated users user1 and user2 are members of a group called
  customer_group.
  The principal customer_group (and therefore its members) is mapped in the
  weblogic.xml file to the role
  customer.
  I can't speak to the reason your being redirected to the document root.
  Paul Patrick
  "HaiMing" <[email protected]> wrote in message
  news:[email protected]...
  Hi:
  I encountered the following problem when I tried the form basedauthentication & authorization (see the attached part of the config files,
  web.xml, weblogic.xml & weblogic.properties)
  1. authorization seems not invoked against the rules specfied, itdoesn't go the login error page as long as the user/pwd match, even though
  the user does not have the necessary role
  in the example below, user3 should be denied to access the signinpage, but seems no login error page returned, actually I never see any page
  / error message which complain about the authorization / access control
  error
  2. after authenticate correctly, always get redirected to the / (contextroot) url, instead of the url prior the login page, for e.g., signin page
  Any idea ?
  Thanks in advance.
  HaiMing
  attach config files
  web.xml
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>MySecureBit1</web-resource-name>
  <description>no description</description>
  <url-pattern>/control/signin</url-pattern>
  <http-method>POST</http-method>
  <http-method>GET</http-method>
  </web-resource-collection>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>default</realm-name>
  <form-login-config>
  <form-login-page>/control/formbasedlogin</form-login-page>
  <form-error-page>/control/formbasedloginerror</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <description>the customer role</description>
  <role-name>customer</role-name>
  </security-role>
  weblogic.xml
  <security-role-assignment>
  <role-name>
  customer
  </role-name>
  <principal-name>
  customer_group
  </security-role-assignment>
  weblogic.properties
  weblogic.password.user1=user1pass
  weblogic.password.user2=user2pass
  weblogic.password.user3=user3pass
  weblogic.security.group.customer_group=user1,user2

• Weblogic security authentication; question to interact with the realm

  Hi, I have a quick question about weblogic security authentication....
  We are using weblogic 81sp3. We have user-group info in an Novell eDirectory LDAP server.
  Currently, a Novell Authenticator provider is configured under : Security > Realms > myRealm > Providers > Authentication This tells Weblogic from where to get the user and groups. Weblogic caches this information of the logged on users for certain time ( example : 60 secs ) after which it cleans the cache for all inactive users. We want to interact with the Weblogic cache. Add more user profile information to this cache and use it in our application .
  Does somebody know how to programmatically interact with Weblogic user-group cache - read , write , update and delete user-group info in cache and control time to live for the cache ?

  already checked
  TTLCache class which weblogic provides. But they seem to depracetd it
  help ?

• Authentication & Authorization with SSO, JAAS and Database Tables mix

  Hi,
  I'm looking for how manage Authentication & Authorization in a J2EE ADF+Struts+JSP application.
  I'm interested in use SSO for authentication (I just did it programatically & dynamically already), and now I would like to could define authorization using database tables with users, groups, profiles, individual permissions, ..., (maitanined dynamically by web application admin) throught JAZN (JAAS or however is said) but not statically defining roles, groups, users, ... in jazn xml files.
  I saw that exists the possibility to create a custom DataSourceUserManager class to manage all this, and this gave me the idea that this could be possible to do (I was thinking in make a custom Authorization API over my application tables, without JAZN) but what is better that use and extended and consolidated aprox like JAZN.
  Anybody could tell me if my idea could be possible, and realizable, and maybe give me some orientation to build this approach.
  A lot of thanks in advanced.
  And sorry, excuse my so bad english.
  See you.

  Marcel,
  Originally the idea was to create a post to only explain how to do authentication using a Servlet filter. However,
  I have recently added code to the JHeadstart runtime and generators to enable both JAAS and 'Custom' authentication AND authorization in generated applications. Therefore, this post will be made after we have released the next patch release, as it will depend on these code changes.
  We currently plan to have the patch release available sometime in the second half of May.
  Kind regards,
  Peter Ebell
  JHeadstart Team

• Authentication & Authorization Component

  hi!
  please introduce to me components for Authentication & Authorization that
  i use in the web application and i use it for Authentication & Authorization
  plesae help me .
  thanks.....

  Having a look at LDAP Protocol may give you some ideas. LDAP (Local Directory Access Protocol) is a cross platform protocol for authenticating and authorising users onto a network.

• Nexus, command authorization using TACACS.

  Hello.
  Can someone provide a sample configuration to use Cisco Secure ACS 4.2 to enable command authorization using TACACS.
  Thanks.
  Regards.
  Andrea

  Hi Andrea,
  We've moved onto ACS 5.3 now - but we had our Nexus 5520's running against our old ACS 4.2 before that - so I've picked out the relevant bits of the config below:
  username admin password role network-admin ; local admin user
  feature tacacs+ ; enable the tacacs feature
  tacacs-server host key ; define key for tacacs server
  aaa group server tacacs+ tacacs ; create group called 'tacacs'
      server ;define tacacs server IP
      use-vrf management ; tell it to use the default 'management' vrf to send the tacacs requests
      source-interface mgmt0 ; ...and send them from the mgmt interface
  aaa authentication login default group tacacs ; use tacacs for login auth
  aaa authentication login console group tacacs  ; use tacacs for console login auth
  aaa authorization config-commands default group tacacs local  ; use tacacs for config command authorization
  aaa authorization commands default group tacacs local  ; use tacacs for normal command authorization
  aaa accounting default group tacacs ; send accounting records to tacacs
  Hope that works for you!
  (That can change a bit when you move to ACS 5.x - as we've chosen not to do complex command auth (using shell profiles only) so instead you pass back the nexus role to the 5k - and it does the command auth (network-admin vs network-operator) based on that - so you just don't configure aaa command authorization on the 5k)
  Rob...

• 11g hybrid authentication / authorization: WLS plus external table

  I've implemented external table authentication / authorization in 11g. Now I'd like to add a twist.
  I have an external table containing users B, C, and D. That external table contains all of the columns I need for authentication (including a clear text password) and for authorization (roles, log level, a dynamic table name, and so forth). I have authentication in one initialization block, authorization in another. Everything works fine. I can log in as B, C, or D and see exactly what I'm supposed to see, based on the ROLES.
  The clear text passwords are generally not a problem, because this is a training instance and almost all of the passwords are the same. However, I want to add a user whose password should not be held in clear text. For that reason, I'd like to add that user into WLS. I've done that, and I'm able to log in to OBIEE. After confirming that I could log in to OBIEE with user A from the WLS, I added User A to the external table, left its password field blank, and filled in the other columns (roles, loglevel, etc...) that I need to assign into session variables.
  Here's the problem: the authorization init block properly assigns ALL session variables for users B, C, and D. It assigns all session varaibles EXCEPT the ROLES variable for user A. I've confirmed this by creating an Answers analysis that shows me the values of the session variables. The ROLES session variable for user A shows "authenticated-role;BIConsumer;AuthenticatedUser". For all other users (those who are authenticated using the clear text passwords in the external table) the ROLES variable is populated correctly, based on the values in the ROLES column in the external table. In short, the authorization init block is properly assigning the ROLES session variable only for those users that were authenticated using the authentication init block, but is assigning all other session variables correctly for all users, even the one in WLS.
  Here's my authentication init block code:
  select bi_user
  from bi_auth_ldap
  where bi_user = ':USER'
  and bi_user_pwd = ':PASSWORD'
  Here's the authorization init block code:
  select roles, bi_user_name, to_number(loglevel,0), channel_tbl
  from bi_auth_ldap
  where bi_user = ':USER'
  (returned results are assigned into ROLES, DISPLAYNAME, LOGLEVEL, and CHANNEL_TBL session variables, respectively)
  It feels like the ROLES session variable is populated in conjuction with the user logging on and being authenticated via WLS, and that the initialization block isn't able to overwrite that variable. Can an OBIEE developer confirm that for us, please? Once set in WLS, is it not possible to overwrite the ROLES session variable with SQL from an initialization block? If it IS possible, can you post some code that will accomplish it?
  Thanks!

  It occurs to me that Oracle's support model is a fantastic way to make money. Let's see, I wonder if I could become a billionaire doing this:
  Create some software. Sell that software. Then, charge customers several thousand MORE dollars, year after year, plus about $60 per bug, so that they have the right to report MY bugs to me. Yeah, that's the ticket - people PAYING for the right to report bugs to me. Oh, and if more than one person reports the same bug, I get to keep ALL of the money from ALL of them.
  Let's summarize, make sure I haven't missed something: You buy my software, you PAY ME additionally to report MY bugs to me, I don't necessarily have to fix the bugs (but I keep your money whether I fix it or not), and I can collect multiple times from different people who report the same bug.
  Sweeeeeeet.........
  Billionaire Acres, here I come!

• Authentication & Authorization programming

  Hello all,
  I am in process to create a new application, My requirement here is that I want to create a reusable module that I want to use for authentication & authorization. Further I want that when ever a user logs-in, his/her privileges get stored in the session and based on the data stored in the database s/he should be able to view the page and event the fields/components on it.
  Can any one help me with the design of the above requirement.
  Thanks in advance for the same.

  Hi,
  if you want 2 applications share the same session you should give them the same login cookie name in the authentication scheme.
  >
  1. convey relevant values from the custom auth app (these cannot be one app)
  >
  Setup a database context to share values between the applications.
  Or use apex_util.fetch_app_item http://docs.oracle.com/cd/E37097_01/doc/doc.42/e35127/apex_util.htm#BABIBAID
  >
  2. make certain that users don't just bookmark the target app and bypass my authentication/authorization outcomes -- something here with session ID?
  >
  Set the URL for the "session not valid" section of the authentication scheme to the login page of your custom auth app
  regards,
  Erik-jan

• Web Authorization using Jrun 4 Updater 7

  Hi
  I'm trying to implement Web Security Authorization using JRUN 4 updater 7. When I start the server, I'm getting an error.
  06/03 15:46:24 error An exception was thrown when initializing the security filters.
  java.lang.NullPointerException
  at jrun.servlet.security.StandardSecurityFilter.<init>(StandardSecurityFilter.java:59)
  at jrun.servlet.security.WebAppSecurityService.createSecurityFilters(WebAppSecurityService.java:462)
  at jrun.servlet.security.WebAppSecurityService.start(WebAppSecurityService.java:95)
  at jrun.servlet.WebApplicationService.start(WebApplicationService.java:223)
  at jrun.ea.EnterpriseApplication.start(EnterpriseApplication.java:194)
  at jrun.deployment.DeployerService.initModules(DeployerService.java:708)
  at jrun.deployment.DeployerService.createWatchedDeployment(DeployerService.java:243)
  at jrun.deployment.DeployerService.deploy(DeployerService.java:428)
  at jrun.deployment.DeployerService.handleEvent(DeployerService.java:382)
  at jrunx.kernel.JRunServiceDeployer.fireEvent(JRunServiceDeployer.java:710)
  at jrunx.kernel.JRunServiceDeployer.deployServices(JRunServiceDeployer.java:111)
  at jrunx.kernel.DeploymentService.loadServices(DeploymentService.java:46)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:585)
  at com.sun.jmx.mbeanserver.StandardMetaDataImpl.invoke(StandardMetaDataImpl.java:414)
  at com.sun.jmx.mbeanserver.MetaDataImpl.invoke(MetaDataImpl.java:220)
  at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:815)
  at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784)
  at jrunx.kernel.JRun.startServer(JRun.java:575)
  at jrunx.kernel.JRun.<init>(JRun.java:493)
  at jrunx.kernel.JRun$1.run(JRun.java:346)
  at java.security.AccessController.doPrivileged(Native Method)
  Code:
  ===========
  My Web.xml has the configuration
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
  <web-app>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>mywebapp</web-resource-name>
  <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>viewer</role-name>
  </auth-constraint>
  </security-constraint>
  <security-role>
  <role-name>editor</role-name>
  <role-name>manager</role-name>
  <role-name>supereditor</role-name>
  <role-name>viewer</role-name>
  </security-role>
  </web-app>

  CFMX 7.0.2 is a separate application from JRun. If you have
  the multiserver or j2ee install of CFMX on JRun then you should
  install Updater 6. Also there are hot fixes on top of U6 that you
  might want to install. The following is a link to the JRun 4 hot
  fixes:
  http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=tn_18526
  You should check each one individually to see if it applies
  to Updater 6.
  Ted Zimmerman

• Authorization using JRUN

  All
  I'm trying to implement Web Security Authorization using JRUN
  4. When I start the server, I'm getting an error. Your help is much
  appreciated
  06/03 15:46:24 error An exception was thrown when
  initializing the security filters.
  java.lang.NullPointerException
  at
  jrun.servlet.security.StandardSecurityFilter.<init>(StandardSecurityFilter.java:59)
  at
  jrun.servlet.security.WebAppSecurityService.createSecurityFilters(WebAppSecurityService.j ava:462)
  at
  jrun.servlet.security.WebAppSecurityService.start(WebAppSecurityService.java:95)
  at
  jrun.servlet.WebApplicationService.start(WebApplicationService.java:223)
  at
  jrun.ea.EnterpriseApplication.start(EnterpriseApplication.java:194)
  at
  jrun.deployment.DeployerService.initModules(DeployerService.java:708)
  at
  jrun.deployment.DeployerService.createWatchedDeployment(DeployerService.java:243)
  at
  jrun.deployment.DeployerService.deploy(DeployerService.java:428)
  at
  jrun.deployment.DeployerService.handleEvent(DeployerService.java:382)
  at
  jrunx.kernel.JRunServiceDeployer.fireEvent(JRunServiceDeployer.java:710)
  at
  jrunx.kernel.JRunServiceDeployer.deployServices(JRunServiceDeployer.java:111)
  at
  jrunx.kernel.DeploymentService.loadServices(DeploymentService.java:46)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
  Method)
  at
  sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at
  sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:585)
  at
  com.sun.jmx.mbeanserver.StandardMetaDataImpl.invoke(StandardMetaDataImpl.java:414)
  at
  com.sun.jmx.mbeanserver.MetaDataImpl.invoke(MetaDataImpl.java:220)
  at
  com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerIntercepto r.java:815)
  at
  com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784)
  at jrunx.kernel.JRun.startServer(JRun.java:575)
  at jrunx.kernel.JRun.<init>(JRun.java:493)
  at jrunx.kernel.JRun$1.run(JRun.java:346)
  at java.security.AccessController.doPrivileged(Native
  Method)

  Any progress?

• Authentication & authorization best practices

  Hello!
  From what I understand of various documentation and videos, the Azure API app is just a web api with some extra metadata.  However in the previous product (Mobile Services) there were extra facilities to handle authentication - both for custom providers
  and for other social providers.
  Has this all gone?  Are we going back to this method here:
  http://www.asp.net/web-api/overview/security/individual-accounts-in-web-api
  ... and then doing all our social authentication manually / using other libraries like before?
  If the authentication plans are unfinished (as this is preview after all) it would be good to know so I can prioritise my work. :-)
  Thank you!

  Hi Guang, thank you for your help (on this post and so many others!)
  So from a code perspective, I can just grab those Nuget packages and load them straight into this API App project and code for it too, is that right?
  I've started by making the project in VS rather than provisioning one in the portal so I haven't seen those settings yet.  I'll just get myself a bit of a relevant demo going, then I will provision one and see the rest.
  Thanks again, let me know if those mobile service libraries are the right ones to grab.

• Is it possible to bypass JAAS authentication and use Authorisation alone?

  I have to implement jsp level security (by checking roles) for my JSF application.
  Authentications in my appln are done by a different servers. I don't want to disturb that.
  I have to implement authorisation alone using JAAS.
  Is it possible to bypass JAAS authentication and use Authorisation alone?
  I am using custom login module( implements DatabaseLoginModule) for authorisation.
  Moreover, after logging in, when a user tries to access a secured jsp page, he should NOT be redirected to login page again. Rather the role checks should be done using existing user credentials stored somewhere. How to invoke the custom DataBaseLoginModule without taking user to login screen?
  Any help would be great.
  Thanks,
  Adhil.J

  I have to implement jsp level security (by checking roles) for my JSF application.
  Authentications in my appln are done by a different servers. I don't want to disturb that.
  I have to implement authorisation alone using JAAS.
  Is it possible to bypass JAAS authentication and use Authorisation alone?
  I am using custom login module( implements DatabaseLoginModule) for authorisation.
  Moreover, after logging in, when a user tries to access a secured jsp page, he should NOT be redirected to login page again. Rather the role checks should be done using existing user credentials stored somewhere. How to invoke the custom DataBaseLoginModule without taking user to login screen?
  Any help would be great.
  Thanks,
  Adhil.J

• What kind of authentication is used on .mac accounts ???

  does anybody know what kind of authentication Apple uses to protect the Sites folder on a .Mac account?
  Is it "modauthbasic" or "modauthdigest"

  Quote from: Nichrome on 16-June-15, 00:31:36
  Hi
  I believe it's black plastic. Or at least feels like it's not painted but plain black plastic.
  Please note that if you paint it, you will void warranty. Unless you remove all paint before RMAing if you'll ever have to send it back for warranty (hopefully never).
  Duly noted, thanks for your help!

• AAA Authorization Using Local Database

  Hi Guys,
  I'm planning to use AAA authorization using local database. I have read already about it, I have configured the AAA new-model command and I have setup user's already. But I'm stuck at the part where I will already give certain user access to certain commands using local database. Hope you can help on this.
  FYI: I know using ACS/TACACS+/RADIUS is much more easy and powerful but my company will most likely only use local database.

  For allowing limited read only access , use this example,
  We need these commands on the switch
  Switch(config)#do sh run | in priv
  username admin privilege 15 password 0 cisco123!
  username test privilege 0 password 0 cisco
  privilege exec level 0 show ip interface brief
  privilege exec level 0 show ip interface
  privilege exec level 0 show interface
  privilege exec level 0 show switch
  No need for user to login to enable mode. All priv 0 commands are now there in the user mode. See below
  User Access Verification
  Username: test
  Password:
  Switch>show ?
  diagnostic Show command for diagnostic
  flash1: display information about flash1: file system
  flash: display information about flash: file system
  interfaces Interface status and configuration
  ip IP information
  switch show information about the stack ring
  Switch>show switch
  Switch/Stack Mac Address : 0015.f9c1.ca80
  H/W Current
  Switch# Role Mac Address Priority Version State
  *1 Master 0015.f9c1.ca80 1 0 Ready
  Switch>show run
  ^
  % Invalid input detected at '^' marker.
  Switch>show aaa server
  ^
  % Invalid input detected at '^' marker.
  Switch>show inter
  Switch>show interfaces
  Vlan1 is up, line protocol is up
  Hardware is EtherSVI, address is 0015.f9c1.cac0 (bia 0015.f9c1.cac0)
  Internet address is 192.168.26.3/24
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
  reliability 255/255, txload 1/255, rxload 1/255
  Switch>
  Please check this link,
  http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml
  Regards,
  ~JG
  Do rate helpful posts