Cisco Systems OL-24201-01 Camera Accessories User Manual

Open as PDF

of 650

CHAPTER

8-1

User Guide for Cisco Secure Access Control System 5.3

OL-24201-01

Managing Users and Identity Stores

Overview

ACS manages your network devices and other ACS clients by using the ACS network resource

repositories and identity stores. When a host connects to the network through ACS requesting access to

a particular network resource, ACS authenticates the host and decides whether the host can communicate

with the network resource.

To authenticate and authorize a user or host, ACS uses the user definitions in identity stores. There are

two types of identity stores:

• Internal—Identity stores that ACS maintains locally (also called local stores) are called internal

identity stores. For internal identity stores, ACS provides interfaces for you to configure and

maintain user records.

• External—Identity stores that reside outside of ACS are called external identity stores. ACS requires

configuration information to connect to these external identity stores to perform authentication and

obtain user information.

In addition to authenticating users and hosts, most identity stores return attributes that are associated

with the users and hosts. You can use these attributes in policy conditions while processing a request and

can also populate the values returned for RADIUS attributes in authorization profiles.

Internal Identity Stores

ACS maintains different internal identity stores to maintain user and host records. For each identity

store, you can define identity attributes associated with that particular store for which values are defined

while creating the user or host records.

You can define these identity attributes as part of identity dictionaries under the System Administration

section of the ACS application (System Administration > Configuration > Dictionaries > Identity).

Each internal user record includes a password, and you can define a second password as a TACACS+

enable password. You can configure the password stored within the internal user identity store to expire

after a particular time period and thus force users to change their own passwords periodically.

Users can change their passwords over the RADIUS or TACACS+ protocols or use the UCP web service.

Passwords must conform to the password complexity criteria that you define in ACS.

Internal user records consist of two component types: fixed and configurable.

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Cisco Systems OL-24201-01 Camera Accessories User Manual