Cisco Systems 3.3 Server User Manual


 
Chapter 13 User Databases
Token Server User Databases
13-78
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Token Server User Databases
Cisco Secure ACS supports the use of token servers for the increased security
provided by one-time passwords (OTPs).
This section contains the following topics:
About Token Servers and Cisco Secure ACS, page 13-78
RADIUS-Enabled Token Servers, page 13-79
RSA SecurID Token Servers, page 13-84
About Token Servers and Cisco Secure ACS
Cisco Secure ACS provides ASCII, PAP, and PEAP(EAP-GTC) authentication
using token servers. Other authentication protocols are not supported with token
server databases.
Note: Authentication protocols not supported with token server databases may be
supported by another type of external user database. For more information about
authentication protocols and the external database types that support them, see
Authentication Protocol-Database Compatibility, page 1-10.
Requests from the AAA client are first sent to Cisco Secure ACS. If Cisco Secure
ACS has been configured to authenticate against a token server and finds the
username, it forwards the authentication request to the token server. If it does not
find the username, Cisco Secure ACS checks the database configured to
authenticate unknown users. If the request for authentication is passed, the
appropriate authorizations are forwarded to the AAA client along with the
approved authentication. Cisco Secure ACS then maintains the accounting
information.
Cisco Secure ACS acts as a client to the token server. For all token servers except
RSA SecurID, Cisco Secure ACS accomplishes this using the RADIUS interface
of the token server. For more information about Cisco Secure ACS support of
token servers with a RADIUS interface, see RADIUS-Enabled Token Servers,
page 13-79.
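
The following is an added example, not taken from the Cisco guide. It shows how a RADIUS client can carry a PAP one-time password to a RADIUS-enabled token server: the OTP goes in the User-Password attribute of an Access-Request, hidden as specified in RFC 2865 section 5.2 with an MD5 keystream derived from the shared secret. The function names are illustrative, and that Cisco Secure ACS forwards the OTP in exactly this form is an assumption.

```python
import hashlib
import os
import struct

# Added example; names are illustrative, not Cisco Secure ACS code.
ACCESS_REQUEST, USER_NAME, USER_PASSWORD = 1, 1, 2  # RFC 2865 code / attribute types

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: null-pad to 16-octet blocks, XOR with a chained MD5 keystream."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def reveal_password(hidden, secret, authenticator):
    """Receiving side: rebuild the same keystream and strip the null padding."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(ident, user, otp, secret, authenticator=None):
    authenticator = authenticator or os.urandom(16)  # 16-octet Request Authenticator
    attrs = b""
    for typ, val in ((USER_NAME, user), (USER_PASSWORD, hide_password(otp, secret, authenticator))):
        attrs += struct.pack("!BB", typ, len(val) + 2) + val  # type, length, value
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def parse_access_request(packet, secret):
    """Validate header and attribute lengths, then recover the user name and OTP."""
    if len(packet) < 20 or struct.unpack("!BxH", packet[:4]) != (ACCESS_REQUEST, len(packet)):
        raise ValueError("not a well-formed Access-Request")
    authenticator, pos, fields = packet[4:20], 20, {}
    while pos < len(packet):
        alen = packet[pos + 1] if pos + 2 <= len(packet) else 0
        if alen < 2 or pos + alen > len(packet):
            raise ValueError("bad attribute length")
        fields[packet[pos]] = packet[pos + 2:pos + alen]
        pos += alen
    if not fields.keys() >= {USER_NAME, USER_PASSWORD}:
        raise ValueError("missing User-Name or User-Password")
    return {"id": packet[1], "user": fields[USER_NAME],
            "otp": reveal_password(fields[USER_PASSWORD], secret, authenticator)}
```

The OTP in such a request is protected only by the keystream derived from the shared secret and the Request Authenticator, so the secrecy of the forwarded OTP depends on the strength of that shared secret.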