Chapter 1
Overview of Cisco Secure ACS
User-Changeable Passwords
Other Authentication-Related Features
Authorization
78-14696-01, Version 3.1
The methods and functionality of Windows password aging differ according to
whether you are using Windows NT or Windows 2000 and whether you employ
Active Directory (AD) or Security Accounts Manager (SAM). For information on
the requirements and configuration of the Windows-based password aging
feature, see
Enabling Password Aging for Users in Windows Databases,
page
6-25.
With Cisco Secure ACS, you can install a separate program that enables users to
change their passwords by using a web-based utility. For more information about
installing user-changeable passwords, see the Installation and User Guide for
Cisco Secure ACS User-Changeable Passwords.
In addition to the authentication-related features discussed in this section, the
following features are provided by Cisco Secure ACS:
Authentication of unknown users with external user databases (see
•
User Processing, page
Microsoft Windows Callback feature (see
•
page
7-10).
Ability to configure user accounts, including passwords, using an external
•
data source (see
About RDBMS Synchronization, page
Ability for external users to authenticate via an enable password (see
•
TACACS+ Enable Password Options for a User, page
Proxy of authentication requests to other AAA servers (see
•
Distributed Systems, page
Configurable character string stripping from proxied authentication requests
•
(see
Stripping, page
Authorization determines what a user is allowed to do. Cisco Secure ACS can
send user profile policies to a AAA client to determine the network services the
user can access. You can configure authorization to give different users and
12-1).
Setting User Callback Option,
4-4).
4-6).
User Guide for Cisco Secure ACS for Windows Server
AAA Server Functions and Concepts
Unknown
8-30).
7-35).
Proxy in
Setting
1-15