
ACS 5.3 - Connection to external ID store - encrypted?

rolandgentile
Level 1

Pretty sure this is a dumb question, but are the connections between the ACS and external identity stores encrypted?

I know that when setting up an LDAP identity store there is the option to specify an SSL connection. Are the other connections encrypted by default, or is the data sent between the ACS and AD, for example, sent in the clear?

3 Replies

Nicolas Darchis
Cisco Employee

It all depends on the identity store you are talking about.

If it's a RADIUS identity store (token server for example) then they talk RADIUS so there is a shared secret to encrypt the private data. All the attributes are still in the clear though.

Active Directory is using Kerberos/NTLM encryption for everything.

LDAP, as you said, is either in the clear or SSL encrypted.

Hi Nicholas

Can ACS 5.3 connect to multiple external databases, e.g. connect to 2 different Windows ADs?

Warm regards,
Ramraj Sivagnanam Sivajanam

No.

You would need to add the 2nd AD as "ldap" database.