05-14-2010 11:12 AM - edited 03-10-2019 05:08 PM
All,
Just looking for some more information on wired 802.1x authentication. I currently run ACS 4.1, and I know that it can be integrated with AD for authentication purposes. Does anyone have information on whether or not you can take it a step further & use CAC / smartcard authentication? There's not much information that I can find about this topic, so anything posted is helpful!
Thanks -
Jon
05-14-2010 11:34 AM
The ACS supports RSA among other things. What solution are you running?
05-14-2010 11:48 AM
We're currently using CAC authentication (Common Access Cards). I did see that RSA is supported, but we don't use RSA tokens right now.
Thanks
05-14-2010 01:37 PM
With the CAC cards, don't you end up pointing to an LDAP to verify the certificate? I would assume that all you'd need to do is make sure you have the root and subordinate certs trusted in ACS then point to an LDAP as the external directory (instead of AD) where you can verify the certs.
HOWEVER, my experience with 802.1x and ACS (limited as it may be) has been that you still need a supplicant on the client side to handle the certificate auth communication.
05-14-2010 02:20 PM
Jon,
CAC authentication will be done via EAP-TLS on the ACS. Here is a configuration example and the EAP-TLS configuration guide for ACS:
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a008068d45a.shtml
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/SCAuth.html#wp325971
How do I use a CAC?
Certificates are stored on the chip embedded in the Common Access Card (CAC). The chip also contains a processor, which responds to two protocols, PKCS#11 and Microsoft CAPI. To use a CAC, the workstation must have a smart card reader installed and must have software installed that enables the interaction between the application and the CAC, called middleware. The installation of smart card readers and middleware is the responsibility of the command that controls the workstation configuration. Once the reader and middleware have been installed, some applications, including Microsoft Outlook and Microsoft Internet Explorer, require configuration to install the certificates from the smart card into the application. The private keys never leave the card, but the configuration step tells the application that the private key associated with the certificate can be found on the CAC. This configuration is also the responsibility of the command that controls the workstation configuration, but requires that the card be present in the card reader to perform the configuration. After the workstation is configured, using the CAC involves putting the card in the reader prior to use, and using the user interface provided by the PK-Enabled client application to sign, decrypt, or identify yourself to PK-Enabled information systems. The CAC must be unlocked prior to use by entering the PIN when requested. If the PIN is entered incorrectly four times in a row, the CAC will lock and require a visit to a RAPIDS terminal or a CAC PIN Reset station for unlocking.
Regds,
JK
Do rate helpful posts-