I'm having a real difficult time understanding how AAA authorization works from the official cert guide. They only really list a single page on it, and while it has examples, it doesn't really go into enough detail on what the examples mean, or do anything to show how it's tied in with anything else. (that last bit may not make sense, but below you'll see why I mention it).
Here's one of the examples given:
aaa authorization commands 15 goofy local
I can break down most of the command well enough; it checks level 15 commands against the local user database. The part where I get stuck is "for the goofy method list".
At first I'm thinking it has something to do with the method lists you create for aaa authentication which are then applied to aux/con/vty lines, but that doesn't really seem to make sense; you're using those lists to specify what method to use to authenticate on each line; so you wouldn't need to specify 'local' again I'd think if you were trying to link the 2. "Method goofy uses the local database. It's assigned to the vty lines and is used to authorize level 15 commands". Just doesn't really seem right.
I dunno, maybe I'm thinking in circles, but I can't see any other purpose for the 'goofy' in that line. A simple "aaa authorization commands 15 local" I could understand completely. What am I missing?
