I have managed to get my 2600 ver 12.3 to authenticate to a Juniper Steel-belted Radius server. I am also setting the authorization with the radius server.
The command on the router is: aaa authorization exec default group radius
The return-list on the radius server is: cisco-AVPAIR shell:priv-lvl=15
Thus, when I successfully authenticate to get into the router, I am automatically authorized with administrator privilege.
I'm wondering if I can get even fancier with this. Is it possible to authorize with read-only access? And once I'm logged in with RO access, is it possible to enter an enable password that will give me write access? Finally (and this probably very pie-in-the-sky), is it possible to have that enable password also managed by the radius server, so that if I ever have to change it, I don't have to change it locally on every router?