C H A P T E R 12
Configuring AAA Servers and User Accounts
This chapter describes support for AAA (pronounced “triple A”) and how to configure AAA servers and the local database.
This chapter contains the following sections:
•AAA Overview, page
•AAA Server and Local Database Support, page
•Configuring the Local Database, page
•Identifying AAA Server Groups and Servers, page
•Configuring an Authentication Prompt, page
•Configuring an LDAP Attribute Map, page
AAAOverview
AAAenables the security appliance to determine who the user is (authentication), what the user can do (authorization), and what the user did (accounting).
AAAprovides an extra level of protection and control for user access than using access lists alone. For example, you can create an access list allowing all outside users to access Telnet on a server on the DMZ network. If you want only some users to access the server and you might not always know IP addresses of these users, you can enable AAA to allow only authenticated and/or authorized users to make it through the security appliance. (The Telnet server enforces authentication, too; the security appliance prevents unauthorized users from attempting to access the server.)
You can use authentication alone or with authorization and accounting. Authorization always requires a user to be authenticated first. You can use accounting alone, or with authentication and authorization.
This section includes the following topics:
•About Authentication, page
•About Authorization, page
•About Accounting, page
About Authentication
Authentication controls access by requiring valid user credentials, which are typically a username and password. You can configure the security appliance to authenticate the following items:
|
| ASDM User Guide |
|
|
|
|
|
| |||
|
|
|
|
| |
|
|
|
|