Contents
Cisco ASA 5500 Series Configuration Guide using the CLI
CHAPTER 35 Configuring AAA Servers and the Local Database 35-1
Information About AAA 35-1
Information About Authentication 35-2
Information About Authorization 35-2
Information About Accounting 35-3
Summary of Server Support 35-3
RADIUS Server Support 35-4
Authentication Methods 35-4
Attribute Support 35-4
RADIUS Authorization Functions 35-5
TACACS+ Server Support 35-5
RSA/SDI Server Support 35-5
RSA/SDI Version Support 35-5
Two-step Authentication Process 35-5
RSA/SDI Primary and Replica Servers 35-6
NT Server Support 35-6
Kerberos Server Support 35-6
LDAP Server Support 35-6
Authentication with LDAP 35-6
LDAP Server Types 35-7
HTTP Forms Authentication for Clientless SSL VPN 35-8
Local Database Support, Including as a Fallback Method 35-8
How Fallback Works with Multiple Servers in a Group 35-8
Using Certificates and User Login Credentials 35-9
Using User Login Credentials 35-9
Using Certificates 35-9
Licensing Requirements for AAA Servers 35-10
Guidelines and Limitations 35-10
Configuring AAA 35-10
Task Flow for Configuring AAA 35-11
Configuring AAA Server Groups 35-11
Configuring Authorization with LDAP for VPN 35-16
Configuring LDAP Attribute Maps 35-18
Adding a User Account to the Local Database 35-20
Guidelines 35-20
Limitations 35-21
Managing User Passwords 35-25
Changing User Passwords 35-27
Authenticating Users with a Public Key for SSH 35-28