beautypg.com

Cisco 3.3 User Manual

Page 543

background image

13-59

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 13 User Databases

ODBC Database

Cisco Secure ACS grants authorization based on the Cisco Secure ACS group to
which the user is assigned. While the group to which a user is assigned can be
determined by information from the ODBC database using a process known as
“group specification”, it is Cisco Secure ACS that grants authorization privileges.

Preparing to Authenticate Users with an ODBC-Compliant
Relational Database

Authenticating users with an ODBC-compliant relational database requires that
you complete several significant steps external to Cisco Secure ACS before
configuring Cisco Secure ACS with an ODBC external user database.

To prepare for authenticating with an ODBC-compliant relational database,
follow these steps:

Step 1

Install your ODBC-compliant relational database on its server. For more
information, refer to the relational database documentation.

Note

The relational database you use is not supplied with Cisco Secure ACS.

Step 2

Create the database to hold the usernames and passwords. The database name is
irrelevant to Cisco Secure ACS, so you can name the database however you like.

Step 3

Create the table or tables that will hold the usernames and passwords for your
users. The table names are irrelevant to Cisco Secure ACS, so you can name the
tables and columns however you like.

Note

For SQL database columns that hold user passwords, we recommend
using varchar format. If you define password columns as char, password
comparison may fail if the password does not use the full length of the
field. For example, if a password column is 16 characters wide but the
password is only ten characters long, the database may append six spaces
make the value used for password comparison 16 characters long, causing
comparison to the actual password submitted by the user to fail.