beautypg.com

Setting tacacs+ outbound password for a user, Radius attributes – Cisco 3.3 User Manual

Page 283

background image

7-37

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 7 User Management

Advanced User Authentication Settings

Setting TACACS+ Outbound Password for a User

The TACACS+ outbound password enables a AAA client to authenticate itself to
another AAA client via outbound authentication. The outbound authentication
can be PAP, CHAP, MS-CHAP, or ARAP, and results in the Cisco Secure ACS
password being given out. By default, the user ASCII/PAP or
CHAP/MS-CHAP/ARAP password is used. To prevent compromising inbound
passwords, you can configure a separate SENDAUTH password.

Caution

Use an outbound password only if you are familiar with the use of a TACACS+
SendAuth/OutBound password.

To set a TACACS+ outbound password for a user, follow these steps:

Step 1

Perform Step 1 through Step 3 of

Adding a Basic User Account, page 7-4

.

The User Setup Edit page opens. The username being added or edited is at the top
of the page.

Step 2

Type and retype to confirm a TACACS+ outbound password for this user.

Step 3

Do one of the following:

If you are finished configuring the user account options, click Submit to
record the options.

To continue to specify the user account options, perform other procedures in
this chapter, as applicable.

RADIUS Attributes

You can configure user attributes for RADIUS authentication either generally, at
the IETF level, or for vendor-specific attributes (VSAs) on a vendor-by-vendor
basis. For general attributes, see

Setting IETF RADIUS Parameters for a User,

page 7-38

. Cisco Secure ACS ships with many popular VSAs already loaded and

available to configure and apply. For information about creating additional,
custom RADIUS VSAs, see

Custom RADIUS Vendors and VSAs, page 9-28

.