Cisco Systems CSACS3415K9 User Manual
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 8 Managing Users and Identity Stores
Overview
Fixed components are:
• Name
• Description
• Password
• Enabled or disabled status
• Identity group to which users belong
Configurable components are:
• Enable password for TACACS+ authentication
• Sets of identity attributes that determine how the user definition is displayed and entered
Cisco recommends that you configure identity attributes before you create users. When identity
attributes are configured:
• You can enter the corresponding values as part of a user definition.
• They are available for use in policy decisions when the user authenticates.
• They can be used to populate the values returned for RADIUS attributes in an authorization profile.
Internal user identity attributes are applied to the user for the duration of the user’s session.
Internal identity stores contain the internal user attributes and credential information used to authenticate
internal users.
Internal host records are similar to internal user records, except that they do not contain any password
information. Hosts are identified by their MAC addresses. For information on managing internal identity
stores, see
External Identity Stores
External identity stores are external databases on which ACS performs authentications for internal and
external users. ACS 5.4 supports the following external identity stores:
• LDAP
• Active Directory
• RSA SecurID Token Server
• RADIUS Identity Server
External identity store user records include configuration parameters that are required to access the
specific store. You can define attributes for user records in all the external identity stores except the RSA
SecurID Token Server. External identity stores also include certificate information for the ACS server
certificate and certificate authentication profiles.
For more information on how to manage external identity stores, see
.