Cisco Systems Servers Manuale Utente

11-49

Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide

78-13751-01, Version 3.0

Chapter 11 Working with User Databases

Token Server User Databases

RADIUS-Enabled Token Servers

This section describes Cisco Secure ACS support for token servers that provide a
standard RADIUS interface.

About RADIUS-Enabled Token Servers

Cisco Secure ACS can support token servers using the RADIUS server built into
the token server. Rather than using the vendor’s proprietary API,
Cisco Secure ACS sends standard RADIUS authentication requests to the
RADIUS authentication port on the token server. The token servers supported
through their RADIUS servers are as follows:

•

ActivCard

•

CRYPTOCard

•

Vasco

You can create multiple instances of each of these token server types in
Cisco Secure ACS. For information about configuring Cisco Secure ACS to
authenticate users with one of these token servers, see the

“Configuring a

RADIUS Token Server External User Database” section on page 11-50

Cisco Secure ACS also supports any token server that is a RADIUS server
compliant with IETF RFC 2865. So, in addition to the RADIUS-enabled token
server vendors explicitly supported, this enables you to use any token server that
supports RADIUS-based authentication.

Although Cisco Secure ACS supports mapping users authenticated by a
RADIUS-enabled token server to a single group, Cisco Secure ACS also provides
a means for specifying a user’s group assignment in the RADIUS response from
the RADIUS-enabled token server. For more information, see the

“RADIUS-Based Group Specification” section on page 12-21