
New Member

ACS 5.3 - Connection to external ID store - encrypted?

Pretty sure this is a dumb question, but are the connections between the ACS and external identity stores encrypted?

I know that when setting up an LDAP identity store there is the option to specify an SSL connection. Are the other connections encrypted by default, or is the data sent between the ACS and AD, for example, sent in the clear?

3 REPLIES
Cisco Employee

ACS 5.3 - Connection to external ID store - encrypted?

It all depends on the identity store you are talking about.

If it's a RADIUS identity store (token server for example) then they talk RADIUS so there is a shared secret to encrypt the private data. All the attributes are still in the clear though.

Active Directory is using Kerberos/NTLM encryption for everything.

LDAP, as you said, is either in the clear or SSL encrypted.

ACS 5.3 - Connection to external ID store - encrypted?

Hi Nicholas

Can ACS 5.3 connect to multiple external databases, e.g. connect to 2 different Windows AD?

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
Cisco Employee

ACS 5.3 - Connection to external ID store - encrypted?

No.

You would need to add the 2nd AD as "ldap" database.
