Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1431
Views
0
Helpful
0
Comments

With CiscoSecure ACS for Windows 4.0, PAP authentication against the RSA server with new PIN mode fails

TCC_2
Level 10
Level 10

‎06-17-2009 10:13 PM - edited ‎03-08-2019 06:01 PM

Core issue

This issue occurs due to the presence of Cisco bug ID CSCsd41866.

In CiscoSecure ACS for Windows version 4.0(1.27), Password Authentication Protocol (PAP) authentication against the Rivest, Shamir, and Adelman (RSA) server fails when the new PIN mode is invoked. When the RSA One-Time Password (OTP) server is configured as the external user database, and new PIN/Clear mode is invoked by the RSA server, PAP authentication through a Telnet session fails. The RSA server forces a user to define a new PIN. However, a new PIN is not sent to the RSA server, and the authentication fails. In CiscoSecure ACS for Windows 3.3.3.11, the same users and configuration work fine without any errors.

Resolution

As a workaround, a patch must be applied to the CiscoSecure ACS for Windows. In order to gain access to the patch, contact Cisco Technical Support.

Cisco Secure Access Control Server (ACS)

ACS for Windows version 4.0

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents