beautypg.com

Cisco 3.3 User Manual

Page 409

background image

10-29

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 10 System Configuration: Authentication and Certificates

Global Authentication Setup

Note

Decreasing the retired master key TTL is likely to cause some retired
master keys to expire; therefore, end-user clients with PACs based on
the newly expired master keys require PAC provisioning.

Note

Decreasing the retired master key TTL can cause retired master keys
to expire; therefore, decreasing the retired master key TTL requires
PAC provisioning for end-user clients with PACs based on the newly
expired master keys.

For more information about master keys, see

About Master Keys,

page 10-15

.

PAC TTL—The duration that a PAC is used before it expires and must
be replaced. If the master key used to generate it has not expired, new
PAC creation and assignment are automatic. If the master key used to
generate it has expired, in-band or out-of-band provisioning must be used
to provide the end-user client with a new PAC. The default PAC TTL is
one week.

For more information about PACs, see

About PACs, page 10-17

.

Client initial display message—Specifies a message to be sent to users
who authenticate with an EAP-FAST client. Maximum length is 40
characters.

Note

A user will see the initial display message only if the end-user client
supports its display.

Authority ID Info—A short description of this Cisco Secure ACS, sent
along with PACs issued by Cisco Secure ACS. EAP-FAST end-user
clients use it to describe the AAA server that issued the PAC. Maximum
length is 64 characters.