Cisco Systems CSACS3415K9 Configuring RSA SecurID Prompts

18-4

User Guide for Cisco Secure Access Control System 5.4

OL-26225-01

Chapter18 M anaging System Administration Configurations

Configuring RSA SecurID Prompts

Use the EAP-FAST Generate PAC page to generate a user or machine PAC.

Step1 Select System Administration > Configuration > Global System Options > EAP-FAST > Generate

PAC.

The Generate PAC page appears as described in Table 1 8-5:

Step2 Click Generate PAC.

Configuring RSA SecurID Prompts

You can configure RSA prompts for an ACS deployment. The set of RSA prompts that you configure is

used for all RSA realms and ACS instances in a deployment. To configure RSA SecurID Prompts:

Step1 Choose System Administration > Configuration > Global System Options > RSA SecurID Prompts.

The RSA SecurID Prompts page appears.

Step2 Modify the fields described in Table18-6.

Master Key Generation

Period

The value is used to encrypt or decrypt and sign or authenticate PACs. The default is one week.

Revoke

Revoke Click Revoke to revoke all previous master keys and PACs. This operation should be used with

caution.

If the ACS node is a secondary node, the Revoke option is disabled.

Table18-4 EAP-FAST Settings (continued)

Option Description

Table18-5 Generate PAC

Option Description

Tunnel PAC Select to generate a tunnel PAC.

Machine PAC Select to generate a machine PAC.

Identity Specifies the username or machine name presented as the “inner username” by the EAP-FAST

protocol. If the Identity string does not match that username, authentication will fail.

PAC Time To Live Enter the equivalent maximum value in seconds, minutes, hours, days, weeks, months, and years.

Enter a positive integer.

Password Enter the password.