uauth


Usage Guidelines

The clear uauth command deletes one user's or all users' AAA authorization caches, which forces the user or users to reauthenticate the next time they create a connection. The show uauth command displays one or all currently authenticated users, the host IP to which they are bound, and, if applicable, any cached IP and port authorization information.

The show uauth command also lists CiscoSecure idletime and timeout values, which can be set for different user groups.

Each user host's IP address has an authorization cache attached to it. If the user attempts to access a service that has been cached from the correct host, the firewall considers it preauthorized and immediately unproxies the connection. This means that once you are authorized to access a website, for example, the authorization server is not contacted for each of the images as they are loaded (assuming they come from the same IP address). This significantly increases performance and reduces load on the authorization server. Note that the binding is to the host IP address, not to a session: any connection arriving from that address reuses the cached authorization until the cache times out or is cleared, so a shared or compromised host inherits the authenticated user's cached access.

The cache allows up to 16 address and service pairs for each user host.

The output from the show uauth command displays the username provided to the authorization server for authentication and authorization purposes, the IP address that the username is bound to, and whether the user is authenticated only, or has cached services.

Use the timeout uauth command to specify how long a cache is kept after the user's connections become idle. To invalidate a cache before it expires, use the clear uauth command with a username (that user's cache only) or with no argument (all users' caches); the affected users must reauthenticate the next time they create a connection.

Examples

The following is sample output from the show uauth command:
    show uauth
    user `pat' from 209.165.201.2 authenticated
    user `robin' from 209.165.201.4 authorized to:
        port 192.168.67.34/telnet 192.168.67.11/http 192.168.67.33/tcp/8001
             192.168.67.56/tcp/25 192.168.67.42/ftp
    user `terry' from 209.165.201.7 authorized to:
        port 192.168.1.50/http 209.165.201.8/http

In this example, Pat has authenticated with the server but has no authorized services cached yet. Robin has preauthorized connections to the Telnet, Web (HTTP), sendmail (SMTP, TCP port 25) and FTP services on the hosts shown, and to TCP port 8001 on 192.168.67.33.

Terry has been browsing the Web and is authorized for Web browsing to the two sites shown.

The next example clears only Pat's cache, which forces Pat to reauthenticate on the next connection while Robin's and Terry's cached authorizations are left in place:

    clear uauth pat
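As an added example (not Cisco's code and not part of this reference), the following Python parses the show uauth output format shown above into one record per user/host binding. From those records it reports what a given source address can reach without being re-proxied to the AAA server, which is the exposure if that address is shared, spoofed or compromised, and it emits the clear uauth command for every user bound to that address. The sample input is constructed from the output above, normalized to one space between address/service pairs; the 16-pair limit is the one stated in the Usage Guidelines; the function, class and field names are this example's own.

```python
"""Parse `show uauth` output into per-host authorization-cache records.

Added example, not Cisco's code. The sample input is constructed from the
output shown on this page, with one space between address/service pairs.
"""
import re
from dataclasses import dataclass, field

MAX_CACHED_PAIRS = 16          # per-host cache limit stated on this page

# "user `pat' from 209.165.201.2 authenticated"
# "user `robin' from 209.165.201.4 authorized to:"
USER_RE = re.compile(
    r"^user\s+(?P<user>\S+)\s+from\s+(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
    r"\s+(?P<state>authenticated|authorized to:)$")
# "192.168.67.34/telnet", "192.168.67.33/tcp/8001"
PAIR_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})/([A-Za-z]+(?:/\d+)?)")


@dataclass
class UauthEntry:                  # names are this example's own
    user: str
    host: str                      # source IP the authorization is bound to
    authorized: bool               # False = "authenticated" only, nothing cached
    services: list = field(default_factory=list)   # (dst_ip, service) pairs


def parse_show_uauth(text):
    """Return one UauthEntry per 'user ... from ...' line, with its cached pairs."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "show uauth":
            continue
        m = USER_RE.match(line)
        if m:
            current = UauthEntry(m["user"].strip("`'\""), m["host"],
                                 m["state"] != "authenticated")
            entries.append(current)
            continue
        # Continuation lines ("port a.b.c.d/svc ...") belong to the last
        # authorized user; anything else means the format was not understood.
        pairs = PAIR_RE.findall(line)
        if current is None or not current.authorized or not pairs:
            raise ValueError(f"unexpected show uauth line: {raw!r}")
        current.services.extend(pairs)
    return entries


def cached_access_from(entries, host):
    """Every (dst_ip, service) pair a source host can reach without a new
    AAA lookup: the cached exposure if that host is compromised or spoofed."""
    return sorted({p for e in entries if e.host == host for p in e.services})


def clear_commands_for_host(entries, host):
    """clear uauth commands that force reauthentication for every user bound
    to a suspect host address (per-user clears, not a global clear uauth)."""
    return [f"clear uauth {e.user}" for e in entries if e.host == host]


def at_cache_limit(entries, limit=MAX_CACHED_PAIRS):
    """Users whose cached pair count has reached the per-host limit."""
    return [e.user for e in entries if len(e.services) >= limit]


# Constructed sample, derived from the show uauth output on this page.
SAMPLE_SHOW_UAUTH = """\
user `pat' from 209.165.201.2 authenticated
user `robin' from 209.165.201.4 authorized to:
    port 192.168.67.34/telnet 192.168.67.11/http 192.168.67.33/tcp/8001
         192.168.67.56/tcp/25 192.168.67.42/ftp
user `terry' from 209.165.201.7 authorized to:
    port 192.168.1.50/http 209.165.201.8/http
"""

if __name__ == "__main__":
    entries = parse_show_uauth(SAMPLE_SHOW_UAUTH)
    for e in entries:
        state = "authorized" if e.authorized else "authenticated only"
        print(f"{e.user:8} {e.host:16} {state:20} {len(e.services)} cached pair(s)")
    suspect = "209.165.201.4"
    print("cached access from", suspect, "->", cached_access_from(entries, suspect))
    print("to revoke:", clear_commands_for_host(entries, suspect))
```

Feed it the captured output of show uauth (the parser skips the echoed command line) and pass the suspect source address to cached_access_from and clear_commands_for_host. The parser raises on any line it does not recognize rather than silently dropping it, so a changed output format is noticed instead of producing an incomplete exposure list.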