Chapter 11 Working with User Databases
ODBC Database
11-34
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Authentication for CHAP/MS-CHAP/ARAP occurs within Cisco Secure ACS.
The stored procedure returns the fields for the record with a matching username,
including the password. Cisco Secure ACS confirms or denies authentication
based on the values returned from the procedure.
To support the two protocols, Cisco Secure ACS provides different input to, and
expects different output from, the ODBC authentication request. This requires a
separate stored procedure in the relational database to support each protocol.
The Cisco Secure ACS product CD provides “stub” routines for creating a
procedure in either Microsoft SQL Server or an Oracle database. You can either
modify a copy of these routines to create your stored procedure or write your own.
Example routines for creating PAP and CHAP/MS-CHAP/ARAP authentication
stored procedures in SQL Server are given in the “Sample Routine for Generating
a PAP Authentication SQL Procedure” section on page 11-35 and the “Sample
Routine for Generating an SQL CHAP Authentication Procedure” section on
page 11-36.
The following sections provide reference information about Cisco Secure ACS
data types versus SQL data types, PAP authentication procedure inputs and
outputs, CHAP/MS-CHAP/ARAP authentication procedure inputs and outputs,
and expected result codes. You can use this information while writing your
authentication stored procedures in your relational database.
Type Definitions
The Cisco Secure ACS types and their matching SQL types are as follows:
• Integer—SQL_INTEGER
• String—SQL_CHAR or SQL_VARCHAR
Microsoft SQL Server and Case-Sensitive Passwords
If you want your passwords to be case sensitive and are using Microsoft SQL
Server as your ODBC-compliant relational database, configure your SQL Server
to accommodate this feature. If your users are authenticating using PPP via PAP
or Telnet login, the password might not be case sensitive, depending on how the
case-sensitivity option is set on the SQL Server. For example, an Oracle database