Setting tacacs+ outbound password for a user, Radius attributes – Cisco 3.3 User Manual
Page 283
7-37
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 7 User Management
Advanced User Authentication Settings
Setting TACACS+ Outbound Password for a User
The TACACS+ outbound password enables a AAA client to authenticate itself to
another AAA client via outbound authentication. The outbound authentication
can be PAP, CHAP, MS-CHAP, or ARAP, and results in the Cisco Secure ACS
password being given out. By default, the user ASCII/PAP or
CHAP/MS-CHAP/ARAP password is used. To prevent compromising inbound
passwords, you can configure a separate SENDAUTH password.
Caution
Use an outbound password only if you are familiar with the use of a TACACS+
SendAuth/OutBound password.
To set a TACACS+ outbound password for a user, follow these steps:
Step 1
Perform Step 1 through Step 3 of
Adding a Basic User Account, page 7-4
The User Setup Edit page opens. The username being added or edited is at the top
of the page.
Step 2
Type and retype to confirm a TACACS+ outbound password for this user.
Step 3
Do one of the following:
•
If you are finished configuring the user account options, click Submit to
record the options.
•
To continue to specify the user account options, perform other procedures in
this chapter, as applicable.
RADIUS Attributes
You can configure user attributes for RADIUS authentication either generally, at
the IETF level, or for vendor-specific attributes (VSAs) on a vendor-by-vendor
basis. For general attributes, see
Setting IETF RADIUS Parameters for a User,
. Cisco Secure ACS ships with many popular VSAs already loaded and
available to configure and apply. For information about creating additional,
custom RADIUS VSAs, see
Custom RADIUS Vendors and VSAs, page 9-28
.