8-69
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter8 Managing Users and I dentity Stores
Managing External Identity Stores
Configuring Shell Prompts
For TACACS+ ASCII authentication, ACS must return the password prompt to the user. RADIUS
identity server supports this functionality by the password prompt option. ACS can use the prompt that
you configure in the Shell Prompts page on the ACS web interface. If the prom pt is empty, the user
receives the default prompt that is configured under TACACS+ global settings.
When establishing a connection with a RADIUS identity server, the initial request packets may not have
the password. You must request a password. You can use this page to define the prompt that is used to
request the password. To do this:
Step1 Enter the text for the prompt in the Prompt field.
Step2 Do one of the following:
Click Submit to configure the prompt for requesting the password.
Click the Directory Attributes tab to define a list of attributes that you want to use in policy rule
conditions. See Configuring Directory Attributes, page 8-69 for more information.
Related Topics
RADIUS Identity Stores, page8-63
Creating, Duplicating, and Editing RADIUS Identity Servers, page8-66
Configuring General Settings, page 8-67
Configuring Directory Attributes, page 8-69
Configuring Advanced Options, page 8-70
Configuring Directory Attributes
When a RADIUS identity server responds to a request, RADIUS attributes are returned along with the
response. You can make use of these RADIUS attributes in policy rules.
In the Directory Attributes tab, you can specify the RADIUS attributes that you use in policy rule
conditions. ACS maintains a separate list of these attributes.
Step1 Modify the fields in the Directory Attributes tab as described in Ta ble 8- 20.
Table8-20 RADIUS Identity Servers - Directory Attributes Tab
Option Description
Attribute List Use this section to create the attracted list to include in policy conditions. As you include each
attribute, its name, type, default value, and policy condition name appear in the table. To:
Add a RADIUS attribute, fill in the fields below the table and click Add.
Edit a RADIUS attribute, select the appropriate row in the table and click Edit. The RADIUS
attribute parameters appear in the fields below the table. Edit as required, then click Replace.
Dictionary Type RADIUS dictionary type. Click the drop-down list box to select a RADIUS dictionary type.