Cisco Systems CSACS3415K9 Configuring Shell Prompts, Configuring Directory Attributes

8-69

User Guide for Cisco Secure Access Control System 5.4

OL-26225-01

Chapter8 Managing Users and I dentity Stores

Managing External Identity Stores

Configuring Shell Prompts

For TACACS+ ASCII authentication, ACS must return the password prompt to the user. RADIUS

identity server supports this functionality by the password prompt option. ACS can use the prompt that

you configure in the Shell Prompts page on the ACS web interface. If the prom pt is empty, the user

receives the default prompt that is configured under TACACS+ global settings.

When establishing a connection with a RADIUS identity server, the initial request packets may not have

the password. You must request a password. You can use this page to define the prompt that is used to

request the password. To do this:

Step1 Enter the text for the prompt in the Prompt field.

Step2 Do one of the following:

•Click Submit to configure the prompt for requesting the password.

•Click the Directory Attributes tab to define a list of attributes that you want to use in policy rule

conditions. See Configuring Directory Attributes, page 8-69 for more information.

Related Topics

•RADIUS Identity Stores, page8-63

•Creating, Duplicating, and Editing RADIUS Identity Servers, page8-66

•Configuring General Settings, page 8-67

•Configuring Directory Attributes, page 8-69

•Configuring Advanced Options, page 8-70

Configuring Directory Attributes

When a RADIUS identity server responds to a request, RADIUS attributes are returned along with the

response. You can make use of these RADIUS attributes in policy rules.

In the Directory Attributes tab, you can specify the RADIUS attributes that you use in policy rule

conditions. ACS maintains a separate list of these attributes.

Step1 Modify the fields in the Directory Attributes tab as described in Ta ble 8- 20.

Table8-20 RADIUS Identity Servers - Directory Attributes Tab

Option Description

Attribute List Use this section to create the attracted list to include in policy conditions. As you include each

attribute, its name, type, default value, and policy condition name appear in the table. To:

•Add a RADIUS attribute, fill in the fields below the table and click Add.

•Edit a RADIUS attribute, select the appropriate row in the table and click Edit. The RADIUS

attribute parameters appear in the fields below the table. Edit as required, then click Replace.

Dictionary Type RADIUS dictionary type. Click the drop-down list box to select a RADIUS dictionary type.