Cisco 3.3 User Manual

Appendix D CSUtil Database Utility

PAC File Generation

D-42

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

–

-f list—CSUtil.exe generates a PAC file for each username contained in
the file specified, where list represents the full path and filename of the
list of usernames.

Lists of usernames should contain one username per line with no
additional spaces or other characters.

For example, if list.txt in d:\temp\pacs contains the following usernames:

seaniemop

jwiedman

echamberlain

and you ran CSUtil.exe -t -f d:\temp\pacs\list.txt, CSUtil.exe generates
three PAC files:

seaniemop.pac

,

jwiedman.pac

, and

echamberlain.pac

.

Tip

You can also specify domain-qualified usernames, using the format
DOMAIN\username. For example, if you specify

ENIGINEERING\augustin

,

Cisco Secure ACS generates a PAC file name

ENGINEERING_augustin.pac

.

•

-passwd password—CSUtil.exe uses the password specified, rather than the
default password, to protect the PAC files it generates. The password you
specify is required when the PACs it protects are loaded into an EAP-FAST
end-user client.

Note

We recommend that you use a password you devise rather than the
default password.

PAC passwords can contain any character, are between four and 128
characters long, and case sensitive. While CSUtil.exe does not enforce strong
password rules, we recommend that you use a strong password, that is, your
PAC password should:

–

Be very long.

–

Contain uppercase and lowercase letters.

–

Contain numbers in addition to letters.

–

Contain no common words or names.