CiscoSecure User Database, About the CiscoSecure User Database – Cisco 3.3 User Manual

Chapter 13 User Databases

CiscoSecure User Database

13-2

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Token Server User Databases, page 13-78

Deleting an External User Database Configuration, page 13-86

CiscoSecure User Database

The CiscoSecure user database is the database internal to Cisco Secure ACS. It
supports authentication using ASCII, PAP, CHAP, MS-CHAP, ARAP, LEAP,
EAP-MD5, EAP-TLS, PEAP(EAP-GTC), PEAP(EAP-MSCHAPv2), and
EAP-FAST (phase zero and phase two).

The CiscoSecure user database is crucial for the authorization process. Regardless
of whether a user is authenticated by the internal user database or by an external
user database, Cisco Secure ACS authorizes network services for users based
upon group membership and specific user settings found in the CiscoSecure user
database. Thus, all users authenticated by Cisco Secure ACS, even those
authenticated by an external user database, have an account in the CiscoSecure
user database.

About the CiscoSecure User Database

The CiscoSecure user database draws information from several data sources,
including a memory-mapped, hash-indexed file, VarsDB.MDB (in Microsoft Jet
database format), and the Windows Registry. VarsDB.MDB uses an index and tree
structure, so searches can occur logarithmically rather than linearly, thus yielding
very fast lookup times. This enables the CiscoSecure user database to authenticate
users quickly.

For users authenticated using the CiscoSecure user database, Cisco Secure ACS
stores user passwords in an encrypted format, using RC2 encryption with a 40-bit
key. For users authenticated with external user databases, Cisco Secure ACS does
not store passwords in the CiscoSecure user database.

Unless you have configured Cisco Secure ACS to authenticate users with an
external user database, Cisco Secure ACS uses usernames and passwords in the
CiscoSecure user database during authentication. For more information about
specifying an external user database for authentication of a user, see
Adding a Basic User Account, page 7-4.
