ACS with PKI

m.ploeg
Level 1

I am using an ACS server for authentication/authorization of clients, routers/switches/users. This same ACS server I am also using for authorizing the router to use certificates (av-pair cert-application=all). For this to work you need to create a user (FQDN of router) in ACS.

The side effect is that anybody can use this username and password to log in to any device in this setup. I did limit the privilege to 0 so no enable rights are possible.

Is there a possibility on the ACS to make sure that this user is only allowed to use certificates and can't log in at all?

1 Reply

smalkeric
Level 6

If you use EAP-TLS, you will need more ACS servers; but, if you use PEAP, you will need fewer. EAP-TLS is slower than PEAP due to public-key infrastructure (PKI) processing time.