Chapter 7 Setting Up and Managing User Accounts
Basic User Setup Options
7-8
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Setting a Separate CHAP/MS-CHAP/ARAP Password
Setting a separate CHAP/MS-CHAP/ARAP password adds more security to
Cisco Secure ACS authentication. However, you must have a AAA client
configured to support the separate password.
To allow the user to authenticate using a CHAP, MS-CHAP, or ARAP password,
instead of the PAP password in the CiscoSecure user database, follow these steps:
Step 1 Perform Steps 1 through 3 of the “Adding a Basic User Account” section on
page 7-5.
Result: The User Setup Edit page opens. The username being added or edited
appears at the top of the page.
Step 2 Select the Separate CHAP/MS-CHAP/ARAP check box in the User Setup table.
Step 3 Specify the CHAP/MS-CHAP/ARAP password to be used by typing it in each of
the second set of Password/Confirm boxes under the Separate
(CHAP/MS-CHAP/ARAP) check box.
Note These Password and Confirm Password boxes are only required for
authentication by the Cisco Secure ACS database. Additionally, if a
user is assigned to a VoIP (null password) group, and the optional
password is also included in the user profile, the password is not used
until the user is re-mapped to a non-VoIP group.
Step 4 Do one of the following:
a. If you are finished configuring the user account options, click Submit to
record the options.
b. To continue to specify the user account options, perform other procedures in
this chapter, as applicable.