Token Server

ASCII, PAP, and PEAP (EAP-GTC) are the token server authentication protocols supported by Cisco Secure ACS.

When ACS is configured to authenticate against a token server, the username, PIN, and one-time password (OTP) provided by the token are forwarded to the token server for validation. If the token server verifies the authentication request, the user is successfully authenticated, and the appropriate authorizations are granted. In this type of configuration, ACS acts as a client to the token server. For all token servers except RSA SecurID, ACS accomplishes this using the RADIUS interface. For RSA SecurID, ACS uses an RSA proprietary API. For information about configuration and support for each type of token server, refer to

Figure 9-8 shows user authentication to a network device using a token server.
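The RADIUS leg described above, with ACS in the client role, sketched as an added example (not Cisco's code and not from the original page): it builds an Access-Request carrying the username and passcode, hides the passcode as RFC 2865 section 5.2 specifies, and parses it back on the token-server side. Assumptions: the passcode travels in the User-Password attribute as the PIN followed by the OTP, and the username, PIN, OTP and shared secret are constructed sample values.

```python
import hashlib, os, struct

def _mask(secret, prev):
    return hashlib.md5(secret + prev).digest()

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1 to 128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], _mask(secret, prev)))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: reverse the hiding with the same shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(block, _mask(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def _attr(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(ident, username, pin, otp, secret, authenticator=None):
    """Client side (the role ACS plays): Access-Request with User-Name and User-Password."""
    authenticator = authenticator or os.urandom(16)  # must be unpredictable per request
    passcode = (pin + otp).encode()  # assumption: token server expects PIN followed by OTP
    attrs = _attr(1, username.encode()) + _attr(2, hide_password(passcode, secret, authenticator))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_access_request(packet: bytes, secret: bytes):
    """Token-server side: validate framing, return (username, passcode)."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or length != len(packet) or length < 20:
        raise ValueError("not a well-formed Access-Request")
    fields, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        fields[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return fields[1].decode(), unhide_password(fields[2], secret, packet[4:20]).decode()

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
PACKET = build_access_request(7, "alice", "4821", "159302", SECRET)
```

The hiding is an MD5-based XOR keyed by the RADIUS shared secret, so the PIN and OTP are only as well protected in transit as that secret is strong; the username is sent in the clear.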

