certificate-aaa-policy

This command associates an AAA policy with the FTP server handler. The policy determines whether a password is required for secondary authentication.

Syntax

certificate-aaa-policy name

Parameters

name
Specifies the name of an AAA policy.

Guidelines

The certificate-aaa-policy command associates an AAA policy that determines whether a password is required for secondary authentication. Secondary authentication uses the information in the TLS certificate that the FTP client provides during the TLS negotiation that follows the AUTH TLS command to the FTP server. Primary authentication is done by the TLS profile, which can completely reject a certificate. The secondary authentication stage controls whether an FTP password is demanded.
  • If this authentication succeeds, the FTP client uses only the USER command to log in after the AUTH TLS command.
  • If this authentication fails, the FTP client uses both the USER and PASS commands to complete the login process.

Without a certificate AAA policy, USER and PASS are always required. If the AUTH TLS command is not used by the FTP client, USER and PASS are always required.
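The following added example (not part of the product documentation) audits an FTP control-channel transcript against the rules above: a login completed on USER alone is acceptable only after a successful AUTH TLS. The transcripts are constructed, and the reply codes (234, 331, 230) are the standard ones from RFC 959 and RFC 4217, assumed here rather than taken from this page.

```python
import re

# Constructed control-channel transcripts ("C:" client, "S:" server).
# Reply codes are the standard RFC 959 / RFC 4217 ones (an assumption).
CERT_LOGIN = """\
C: AUTH TLS
S: 234 Proceed with negotiation
C: USER alice
S: 230 User logged in
"""
PASSWORD_LOGIN = """\
C: AUTH TLS
S: 234 Proceed with negotiation
C: USER bob
S: 331 Password required
C: PASS ********
S: 230 User logged in
"""
NO_TLS_NO_PASS = """\
C: USER carol
S: 230 User logged in
"""

def classify_login(transcript):
    """Return 'certificate', 'password', 'violation' or 'incomplete'."""
    tls_ok = pass_sent = False
    last_cmd = None
    for line in transcript.splitlines():
        m = re.match(r"([CS]):\s*(\S+)\s*(.*)", line)
        if not m:
            continue
        side, word, rest = m.groups()
        if side == "C":
            last_cmd = word.upper()
            if last_cmd == "USER":
                pass_sent = False          # a new login attempt starts
            elif last_cmd == "PASS":
                pass_sent = True
            elif last_cmd == "AUTH" and rest.strip().upper() != "TLS":
                last_cmd = "AUTH-OTHER"    # only AUTH TLS counts here
        elif word == "234" and last_cmd == "AUTH":
            tls_ok = True                  # server accepted AUTH TLS
        elif word == "230":
            if pass_sent:
                return "password"
            # Logged in on USER alone: expected only after AUTH TLS succeeded.
            return "certificate" if tls_ok and last_cmd == "USER" else "violation"
    return "incomplete"
```

A "violation" result means a session was logged in without a password and without AUTH TLS, which contradicts the behavior described for this command and is worth investigating in the handler configuration.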