Csauth – Cisco 3.3 User Manual


User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Appendix G Internal Architecture

CSAuth

in the HTTP Port Allocation feature, you should not encounter port conflicts for
HTTP traffic. For more information about the HTTP Port Allocation feature, see
Access Policy, page 12-11.

Note: For more information about access to the HTML interface and network
environments, see Network Environments and Administrative Sessions, page 1-30.

Although you can start and stop services from within the Cisco Secure ACS
HTML interface, this does not include starting or stopping CSAdmin. If CSAdmin
stops abnormally because of an external action, you cannot access Cisco Secure
ACS from any computer other than the Windows server on which it is running.
You can start or stop CSAdmin from Windows Control Panel.

CSAdmin is multi-threaded, which enables several Cisco Secure ACS
administrators to access it at the same time. Therefore, CSAdmin is well suited
for distributed, multiprocessor environments.

CSAuth

CSAuth is the authentication and authorization service. It permits or denies access
to users by processing authentication and authorization requests. CSAuth
determines if access should be granted and defines the privileges for a particular
user. CSAuth is the Cisco Secure ACS database manager.

To authenticate users, Cisco Secure ACS can use the internal user database or one
of many external databases. When a request for authentication arrives,
Cisco Secure ACS checks the database that is configured for that user. If the user
is unknown, Cisco Secure ACS checks the database(s) configured for unknown
users. For more information about how Cisco Secure ACS handles authentication
requests for unknown users, see About Unknown User Authentication, page 15-4.

For more information about the various database types supported by Cisco Secure
ACS, see Chapter 13, “User Databases”.

When a user has authenticated, Cisco Secure ACS obtains a set of authorizations
from the user profile and the group to which the user is assigned. This information
is stored with the username in the CiscoSecure user database. Some of the
authorizations included are the services to which the user is entitled, such as IP
over PPP, IP pools from which to draw an IP address, access lists, and
