Chapter 12 Administering External User Databases
Unknown User Processing
12-2
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
The Unknown User feature enables Cisco Secure ACS to use a variety of external
databases in addition to its own internal database to authenticate incoming user
requests. With this feature, Cisco Secure ACS provides the foundation for a basic
single sign-on capability by integrating network and host-level access control.
Because the incoming usernames and passwords of users dialing in can be
authenticated with external user databases, there is no need for the network
administrator to maintain a duplicate list within Cisco Secure ACS. This provides
two advantages to the Cisco Secure ACS administrator:
- Eliminates the necessity of entering every user multiple times
- Prevents data-entry errors that are inherent to manual procedures
Known, Unknown, and Cached Users
The Unknown User feature implements three categories of users in
Cisco Secure ACS. Each category is treated differently:
- Known Users: users explicitly added, either manually or automatically, to the
  Cisco Secure ACS database.
  These are users added through User Setup in the HTML interface, by the
  RDBMS Synchronization feature, by the Database Replication feature, or by the
  CSUtil.exe utility. For more information about CSUtil.exe, see Appendix E,
  Cisco Secure ACS Command-Line Database Utility. In the CiscoSecure user
  database, each user must have an assigned password and must be explicitly
  associated with a particular authentication database.
- Unknown Users: users who have no account entry in the CiscoSecure user
  database.
  Such users have never previously authenticated with Cisco Secure ACS. If an
  Unknown User Policy is configured in Cisco Secure ACS, Cisco Secure ACS
  attempts to authenticate these users with the external user databases listed
  in that policy.
- Cached Users: users whose accounts were automatically added to the
  Cisco Secure ACS database when Cisco Secure ACS successfully authenticated
  them using the Unknown User Policy.
  All cached users were once unknown users. The authentication process for
  cached users is identical to the authentication process for known users.
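The following is an added illustration of the three user categories and of the Unknown User Policy flow described above; it is not code from the guide or from Cisco Secure ACS. It models the decision logic only: a known user and a cached user are both bound to exactly one authentication database and are checked only against it, while an unknown user is tried against the policy's external databases in order and, on success, is added to the local database as a cached user bound to the database that accepted the credentials (an assumption drawn from the guide's statement that known and cached users are processed identically). The class and function names, the "NTDomain" and "LDAP" stand-ins, and all usernames and passwords are constructed for the example.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

LOCAL_DB = "CiscoSecure"  # name used here for the internal CiscoSecure user database


@dataclass
class ExternalDatabase:
    """One entry in the Unknown User Policy: a name plus a credential check."""
    name: str
    check: Callable[[str, str], bool]


@dataclass
class UserRecord:
    """An account in the internal database. Every record is bound to exactly one
    authentication database; the local password only matters when that database
    is the internal one."""
    username: str
    auth_db: str
    password: Optional[str] = None
    cached: bool = False


def _same_secret(stored: str, offered: str) -> bool:
    """Constant-time comparison so password checks do not leak timing."""
    return hmac.compare_digest(stored.encode(), offered.encode())


class AccessControlServer:
    """Hypothetical model of the Unknown User processing decision."""

    def __init__(self, unknown_user_policy: List[ExternalDatabase]):
        self.users: Dict[str, UserRecord] = {}
        self.policy = list(unknown_user_policy)  # consulted in this order
        self.external = {db.name: db for db in self.policy}

    def add_known_user(self, username: str, auth_db: str = LOCAL_DB,
                       password: Optional[str] = None) -> None:
        """Explicit add, as User Setup, RDBMS sync, replication or CSUtil.exe would do."""
        if auth_db != LOCAL_DB and auth_db not in self.external:
            raise ValueError(f"unknown authentication database {auth_db!r}")
        self.users[username] = UserRecord(username, auth_db, password)

    def classify(self, username: str) -> str:
        """Return 'known', 'cached' or 'unknown' for the username."""
        rec = self.users.get(username)
        if rec is None:
            return "unknown"
        return "cached" if rec.cached else "known"

    def _check_bound(self, rec: UserRecord, password: str) -> bool:
        # Only the database the record is bound to is ever consulted.
        if rec.auth_db == LOCAL_DB:
            return rec.password is not None and _same_secret(rec.password, password)
        return self.external[rec.auth_db].check(rec.username, password)

    def authenticate(self, username: str, password: str) -> Tuple[bool, str]:
        """Return (accepted, name of the database that produced the decision)."""
        rec = self.users.get(username)
        if rec is not None:
            # Known and cached users take the same path.
            return self._check_bound(rec, password), rec.auth_db
        # Unknown user: no Unknown User Policy means no fallback at all.
        if not self.policy:
            return False, "no Unknown User Policy configured"
        # Walk the policy in order; the first database that accepts the
        # credentials becomes the user's bound database. Failures cache nothing.
        for db in self.policy:
            if db.check(username, password):
                self.users[username] = UserRecord(username, db.name, cached=True)
                return True, db.name
        return False, "rejected by every database in the Unknown User Policy"


def _table_db(name: str, table: Dict[str, str]) -> ExternalDatabase:
    """Constructed stand-in for an external database (NT domain, LDAP, ...)."""
    def check(user: str, pw: str) -> bool:
        stored = table.get(user)
        return stored is not None and _same_secret(stored, pw)
    return ExternalDatabase(name, check)


def build_demo() -> AccessControlServer:
    """Constructed sample data, not taken from the guide."""
    nt = _table_db("NTDomain", {"bob": "bob-nt-pw", "dave": "dave-nt-pw"})
    ldap = _table_db("LDAP", {"carol": "carol-ldap-pw", "dave": "dave-ldap-pw"})
    acs = AccessControlServer(unknown_user_policy=[nt, ldap])
    acs.add_known_user("alice", password="alice-local-pw")  # known, internal DB
    return acs


if __name__ == "__main__":
    acs = build_demo()
    attempts = [("alice", "alice-local-pw"), ("bob", "bob-nt-pw"),
                ("dave", "dave-ldap-pw"), ("dave", "dave-nt-pw"), ("erin", "x")]
    for user, pw in attempts:
        before = acs.classify(user)
        ok, db = acs.authenticate(user, pw)
        print(f"{user:6} {before:8} -> {'ACCEPT' if ok else 'REJECT'} via {db}; "
              f"now {acs.classify(user)}")
```

The "dave" case is the one worth watching in a real deployment: because the account exists in two external databases, the order of the Unknown User Policy decides which database the cached record is bound to, and every later request for that user goes only to that database. Run the block directly to see each username move from unknown to cached (or stay unknown after a failed attempt).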