Cisco Systems Servers Benutzerhandbuch

Authentication for CHAP/MS-CHAP/ARAP occurs within Cisco Secure ACS. 
The stored procedure returns the fields for the record with a matching username, 
including the password. Cisco Secure ACS confirms or denies authentication 
based on the values returned from the procedure.

To support the two protocols, Cisco Secure ACS provides different input to, and 
expects different output from, the ODBC authentication request. This requires a 
separate stored procedure in the relational database to support each protocol.

The Cisco Secure ACS product CD provides “stub” routines for creating a 
procedure in either Microsoft SQL Server or an Oracle database. You can either 
modify a copy of these routines to create your stored procedure or write your own. 
Example routines for creating PAP and CHAP/MS-CHAP/ARAP authentication 
stored procedures in SQL Server are given in the 

.

The following sections provide reference information about Cisco Secure ACS 
data types versus SQL data types, PAP authentication procedure inputs and 
outputs, CHAP/MS-CHAP/ARAP authentication procedure inputs and outputs, 
and expected result codes. You can use this information while writing your 
authentication stored procedures in your relational database.

The Cisco Secure ACS types and their matching SQL types are as follows:

Integer—SQL_INTEGER

String—SQL_CHAR or SQL_VARCHAR

If you want your passwords to be case sensitive and are using Microsoft SQL 
Server as your ODBC-compliant relational database, configure your SQL Server 
to accommodate this feature. If your users are authenticating using PPP via PAP 
or Telnet login, the password might not be case sensitive, depending on how the 
case-sensitivity option is set on the SQL Server. For example, an Oracle database