05-02-2013 09:52 AM - edited 03-10-2019 08:23 PM
I am trying to wrap my head around this topic and failing. I want to setup two factor authentication via ACS 5.2 TACACS+ without having to use a token (such as that by RSA). Is there a way to do it?
More info:
Users from unconnected AD domains will be connecting to the routers and switches.
There is a certificate server available to generate certificates.
SSHv2 is the current login protocol.
Thanks!
Solved! Go to Solution.
05-02-2013 11:11 AM
Without RSA, I don't see a way to accomplish this.
With tacacs all you can have
username:xxxxxx
password:xxxxxx
ciscoasa>enable
password:xxxxxx
above you are using 2 password login and enable.
Jatin Katyal
- Do rate helpful posts -
05-02-2013 11:11 AM
Without RSA, I don't see a way to accomplish this.
With tacacs all you can have
username:xxxxxx
password:xxxxxx
ciscoasa>enable
password:xxxxxx
above you are using 2 password login and enable.
Jatin Katyal
- Do rate helpful posts -
05-02-2013 11:17 AM
That is what I was coming up with, but I was hopeful someone would say "you can do this...".
I see that I can setup more than one database to authenticate against and I can use certificates...but Cisco's TACACS stops when it gets the first OK (like an access list does), so if I use a certificate it will not prompt for a username and password if it finds the certificate first and vice-versa.
05-02-2013 11:25 AM
Sorry to tell you the true story
Could you please explain what is your end goal? What all devices are involved in your setup and what kind of authentication is this?
Jatin Katyal
- Do rate helpful posts -
05-02-2013 11:27 AM
The IRS demands two factor authentication for any system which touches specific kinds of data, such as social security numbers. Just routers and switches. I was hoping to do with without spending money - but it appears I am out of luck on that front.
I will keep this thread open for a bit just in case someone else has any ideas, otherwise I will make your as the correct answer.
05-02-2013 11:59 AM
sure
Jatin Katyal
- Do rate helpful posts -
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide