Chapter 7 Setting Up and Managing User Accounts
Basic User Setup Options
7-8
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Setting a Separate CHAP/MS-CHAP/ARAP Password
Setting a separate CHAP/MS-CHAP/ARAP password adds more security to
Cisco Secure ACS authentication. However, you must have a AAA client
configured to support the separate password.
To allow the user to authenticate using a CHAP, MS-CHAP, or ARAP password,
instead of the PAP password in the CiscoSecure user database, follow these steps:
Step 1
Perform Step 1 through Step 3 of
Adding a Basic User Account, page 7-5
.
Result: The User Setup Edit page opens. The username being added or edited is
at the top of the page.
Step 2
Select the Separate CHAP/MS-CHAP/ARAP check box in the User Setup table.
Step 3
Specify the CHAP/MS-CHAP/ARAP password to be used by typing it in each of
the second set of Password/Confirm boxes under the Separate
(CHAP/MS-CHAP/ARAP) check box.
Note
Up to 32 characters are allowed each for the Password box and the
Confirm Password box.
Note
These Password and Confirm Password boxes are only required for
authentication by the Cisco Secure ACS database. Additionally, if a user
is assigned to a VoIP (null password) group, and the optional password is
also included in the user profile, the password is not used until the user is
re-mapped to a non-VoIP group.
Step 4
Do one of the following:
•
If you are finished configuring the user account options, click Submit to
record the options.
•
To continue to specify the user account options, perform other procedures in
this chapter, as applicable.