User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Appendix B Authentication in ACS 5.4
This appendix describes the following:
- RADIUS-based authentication that does not include EAP:
  - PAP, page B-2
  - CHAP, page B-32
  - MSCHAPv1
  - EAP-MSCHAPv2, page B-30
- EAP family of protocols transported over RADIUS, which can be further classified as:
  - Simple EAP protocols that do not use certificates:
    - EAP-MD5—For more information, see EAP-MD5, page B-5.
    - LEAP—For more information, see LEAP, page B-32.
  - EAP protocols that involve a TLS-handshake and in which the client uses the ACS server certificate to perform server authentication:
    - PEAP, using one of the following inner methods: PEAP/EAP-MSCHAPv2 and PEAP/EAP-GTC—For more information, see PEAPv0/1, page B-14.
    - EAP-FAST, using one of the following inner methods: EAP-FAST/EAP-MSCHAPv2 and EAP-FAST/EAP-GTC—For more information, see EAP-FAST, page B-19.
  - EAP protocols that are fully certificate-based, in which the TLS handshake uses certificates for both server and client authentication:
    - EAP-TLS—For more information, see EAP-TLS, page B-5.
    - PEAP with inner method EAP-TLS, see PEAPv0/1, page B-14.
- Certificate Attributes, page B-32
- Machine Authentication, page B-35
- Authentication Protocol and Identity Store Compatibility, page B-36
For a list of known supplicant issues, refer to
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/release/notes/acs_54_rn.html.
PAP
The Password Authentication Protocol (PAP) provides a simple method for a user to establish its identity
by using a two-way handshake. The PAP password is encrypted with the shared secret. PAP is the least
sophisticated authentication protocol.
ACS checks the ID-Password pair against the external database, Identity Store, until ACS acknowledges
the authentication or terminates the connection.
PAP is not a strong authentication method since it offers little protection from repeated trial-and-error
attacks.
Note: The RADIUS with PAP authentication flow includes logging of passed and failed attempts.