CHAPTER
12-1
ASDM User Guide
OL-12180-01
12
Configuring AAA Servers and User AccountsThischapter describes support for AAA (pronounced “triple A”) and how to configure AAA servers and
the local database.
This chapter contains the following sections:
•AAA Overview, page 12-1
•AAA Server and Local Database Support, page 12-2
•Configuring the Local Database, page 12-7
•Identifying AAA Server Groups and Servers, page 12-12
•Configuring an Authentication Prompt, page 12-20
•Configuring an LDAP Attribute Map, page 12-21
AAA Overview
AAAenables thesecurity appliance todetermine who the user is(authentication), what the user can do
(authorization), and what the user did (accounting).
AAA providesan extra level of protection and control for user access than using access lists alone. For
example,you can create an access list allowing all outside users to access Telnet on a server on the DMZ
network.If you want only some users to access the server and you might not always know IP addresses
of these users, you can enable AAA to allow only authenticated and/or authorized users to make it
through the security appliance. (The Telnet server enforces authentication, too; the security appliance
prevents unauthorized users from attempting to access the server.)
Youcan use authentication alone or with authorization and accounting. Authorization always requires a
user to be authenticated first. You can use accounting alone, or with authentication and authorization.
This section includes the following topics:
•About Authentication, page 12-1
•About Authorization, page 12-2
•About Accounting, page 12-2
About Authentication
Authentication controls access by requiring valid user credentials, which are typically a username and
password. You can configure the security appliance to authenticate the following items: