Cisco PIX PDM aaa with Cisco Secure and otp.

Svante Bolander
Level 1

Logging in to PDM when using ACS 3.1 as the AAA server works fine, except that several (10-14) successful login attempts are logged in the ACS within a few seconds.

Using the same procedure with OTP fails and ACS reports "External DB Auth failure". This is because the OTP is one-time, of course.

But why are several authentication requests sent from the PDM for one single login? Is there any way to configure "token caching" for PDM logins with OTPs?

1 Reply

afakhan
Level 4

Hi,

OTP is not supported with TACACS (CSCeb00416), with RADIUS(ACS) it should work.

I have to say that PDM will not work with OTP authentication like you expect, compared to a router and switch.

It is the browser which caches passwords and uses the same username/password several times (as you have observed multiple times with the same password).

For this, each HTTPS GET will be checked against the AAA server (per protocol definition). On the client (browser) side, the password will be cached. On the server side it is not, by default. So you need to enable token caching for e.g. 1 hour on the AAA server, if this is supported on your AAA server.

This is possible with e.g. ACS; please have a look at:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs31/acsuser/g.htm#81503

Let me know if you have more questions.

thx

Afaq
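To make the mechanism in the reply concrete, here is an added simulation (not code from the thread, from Cisco, or from ACS): a browser that re-sends the same Basic-auth header on every HTTPS GET, an AAA server that validates one-time passwords, and an optional server-side token cache that accepts the same credentials again within a window. The `AaaServer` class, the constructed OTP list, the log strings and the cache window are all assumptions of this example; real ACS internals are not modelled.

```python
"""Why an OTP fails behind a browser that repeats Basic auth on every GET,
and how a server-side token cache (the fix the reply recommends) changes
the outcome. Constructed example; nothing here is ACS or PIX code."""

import base64
import time

# Constructed one-time password list for a test user; each value is valid once.
VALID_OTPS = {"admin": {"482913", "771520"}}


class AaaServer:
    """Toy AAA server: OTP check plus an optional (user, password) token cache."""

    def __init__(self, cache_ttl=None, clock=time.time):
        self.cache_ttl = cache_ttl   # seconds; None means no token caching
        self.clock = clock           # injectable for deterministic tests
        self.used = set()            # (user, otp) pairs already consumed
        self.cache = {}              # (user, otp) -> expiry timestamp
        self.log = []                # (result, user), like the ACS log in the question

    def authenticate(self, user, password):
        key = (user, password)
        now = self.clock()
        # Token caching: identical credentials re-presented inside the window
        # are accepted without consulting the OTP store again.
        if self.cache_ttl is not None and self.cache.get(key, 0) > now:
            self.log.append(("cache-hit", user))
            return True
        # A one-time password is rejected if unknown or already consumed.
        if key in self.used or password not in VALID_OTPS.get(user, set()):
            self.log.append(("External DB Auth failure", user))
            return False
        self.used.add(key)
        if self.cache_ttl is not None:
            self.cache[key] = now + self.cache_ttl
        self.log.append(("pass", user))
        return True


def parse_basic_auth(header):
    """Decode an HTTP Basic Authorization header into (user, password)."""
    scheme, _, blob = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("unsupported auth scheme: %r" % scheme)
    user, _, password = base64.b64decode(blob).decode().partition(":")
    return user, password


def simulate_pdm_login(server, user, otp, page_count):
    """The browser caches the Authorization header and sends it on every
    asset GET the PDM page triggers; each GET is authenticated separately."""
    header = "Basic " + base64.b64encode(f"{user}:{otp}".encode()).decode()
    results = []
    for _ in range(page_count):
        u, p = parse_basic_auth(header)
        results.append(server.authenticate(u, p))
    return results


if __name__ == "__main__":
    # Without caching only the first of the 12 GETs passes; with a 1 hour
    # cache all 12 pass and the ACS log shows one pass plus cache hits.
    print(simulate_pdm_login(AaaServer(), "admin", "482913", 12))
    print(simulate_pdm_login(AaaServer(cache_ttl=3600), "admin", "771520", 12))
```

The cache window is the trade-off to size carefully: within it, the same username/OTP pair is accepted by anyone who presents it, so keep it to the shortest value that covers a PDM session, and expect the first request after expiry to fail until the user enters a fresh OTP.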