Cisco Systems Servers Manuale Utente

Setting a separate CHAP/MS-CHAP/ARAP password adds more security to 
Cisco Secure ACS authentication. However, you must have a AAA client 
configured to support the separate password.

To allow the user to authenticate using a CHAP, MS-CHAP, or ARAP password, 
instead of the PAP password in the CiscoSecure user database, follow these steps:

Perform Steps 1 through 3 of the 

Result: The User Setup Edit page opens. The username being added or edited 
appears at the top of the page.

Select the Separate CHAP/MS-CHAP/ARAP check box in the User Setup table.

Specify the CHAP/MS-CHAP/ARAP password to be used by typing it in each of 
the second set of Password/Confirm boxes under the Separate 
(CHAP/MS-CHAP/ARAP) check box. 

These Password and Confirm Password boxes are only required for 
authentication by the Cisco Secure ACS database. Additionally, if a 
user is assigned to a VoIP (null password) group, and the optional 
password is also included in the user profile, the password is not used 
until the user is re-mapped to a non-VoIP group.

Do one of the following:

If you are finished configuring the user account options, click Submit to 
record the options.

To continue to specify the user account options, perform other procedures in 
this chapter, as applicable.