11-5
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter11 Working with User Databases About External User Databases
Regardless of which database is used to authenticate users, the CiscoSecure user
database, internal to Cisco Secure ACS, is used to authorize requested network
services.
For Cisco Secure ACS to interact with an external user database,
Cisco Secure ACS requires an API for third-party authentication source. The
Cisco Secure ACS communicates with the external user database using the API.
For WindowsNT/2000, Generic LDAP, and Novell NDS authentication, the
program interface for the external authentication is local to the Cisco Secure ACS
system and is provided by the local operating system. In these cases, no further
components are required.
In the case of ODBC authentication sources, in addition to the Windows ODBC
interface, the third-party ODBC driver must be installed on the CiscoSecure ACS
server.
To communicate with each traditional token server, you must have software
components provided by the OTP vendors installed, in addition to the
Cisco Secure ACS components. You must also specify in User Setup that a token
card server is to be used.
For RADIUS-based token servers, such as ActivCard, CRYPTOCard, and Vasco,
the standard RADIUS interface serves as the third-party API.
Authenticating with External User Databases
Authenticating users with an external user database requires more than
configuring Cisco Secure ACS to communicate with an external user database.
Performing one of the configuration procedures for an external database that are
provided in this chapter does not on its own instruct CiscoSecure ACS to
authenticate any users with that database.