Authentication determines user identity and verifies the
information. Traditional authentication uses a name and a fixed password. More
modern and secure methods use technologies such as CHAP and one-time passwords
(OTPs). Cisco Secure ACS supports a wide variety of these authentication
methods.
There is a fundamental implicit relationship between authentication and
authorization. The more authorization privileges granted to a user, the
stronger the authentication should be. Cisco Secure ACS supports this
fundamental relationship by providing various methods of authentication.
Network administrators who offer increased levels of security services, and
corporations that want to lessen the chance of intruder access resulting from
password capturing, can use an OTP. Cisco Secure ACS supports several types of
OTP solutions, including PAP for Point-to-Point Protocol (PPP) remote-node
login. Token cards are considered one of the strongest OTP authentication
mechanisms.
Cisco Secure ACS supports a variety of user databases
. In addition to
the CiscoSecure user database, Cisco Secure ACS supports several external user
databases, including the following:
- Windows NT/2000 User Database
- Generic LDAP
- Novell NetWare Directory Services (NDS)
- Open Database Connectivity (ODBC)-compliant relational databases
- CRYPTOCard token server
- SafeWord token server
- AXENT token server
- RSA SecureID token server
- ActivCard token server
- Vasco token server