Cisco Support Community

Cisco PIX PDM aaa with Cisco Secure and otp.

Logging in to PDM when using ACS 3.1 as AAA server works fine except that several (10-14) successful login attempts are logged in the ACS within a few seconds' time.

Using the same procedure with OTP fails and ACS reports "External DB Auth failure". This is because the OTP is one-time of course.

But, why are several authentication requests sent from the PDM for one single login? Is there any way to configure "token caching" for PDM logins with OTPs?

1 REPLY

Re: Cisco PIX PDM aaa with Cisco Secure and otp.

Hi,

OTP is not supported with TACACS (CSCeb00416); with RADIUS (ACS) it should work.

I have to say that PDM will not work with OTP authentication like you expect, compared to a router and switch.

It is the browser which caches passwords and uses the same username/password several times (as you have observed, multiple times with the same password).

For this, each https-get will be checked against the AAA server (per protocol definition). On the client (browser) side, the password will be cached. On the server side it is not, by default. So you need to enable token caching for e.g. 1 hour on the AAA server, if this is supported on your AAA server.

This is possible with e.g. ACS, please have a look at:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs31/acsuser/g.htm#81503

Let me know if you have more Qs.

thx

Afaq
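
The behaviour discussed in this thread, as an added example that is not part of the original posts and is not ACS code: a simplified model in which the browser resends the same credentials on every HTTPS GET, first against a one-time backend alone and then with a one-hour token cache in front of it. The class names, the sample token and the 12-request burst are assumptions made for illustration.

```python
import hashlib
import hmac

class OneTimeBackend:
    """Constructed stand-in for a token server: each OTP validates exactly once."""
    def __init__(self, valid):
        self.unused = set(valid)      # (user, otp) pairs not yet consumed
        self.calls = 0

    def check(self, user, otp):
        self.calls += 1
        if (user, otp) in self.unused:
            self.unused.discard((user, otp))
            return True
        return False

class AAAServer:
    """Hypothetical AAA front end with an optional per-user token cache."""
    def __init__(self, backend, cache_ttl=0):
        self.backend = backend
        self.cache_ttl = cache_ttl    # seconds; 0 disables caching
        self.cache = {}               # user -> (sha256(otp), expiry time)

    def authenticate(self, user, otp, now):
        digest = hashlib.sha256(otp.encode()).digest()
        cached = self.cache.get(user)
        if cached and now < cached[1] and hmac.compare_digest(cached[0], digest):
            return True               # same token accepted inside the cache window
        if self.backend.check(user, otp):
            if self.cache_ttl:
                self.cache[user] = (digest, now + self.cache_ttl)
            return True
        return False

def browser_burst(server, user, otp, requests=12, start=0.0):
    """One management login: the browser resends the same credentials per GET."""
    return [server.authenticate(user, otp, start + i * 0.2) for i in range(requests)]

def run(cache_ttl):
    backend = OneTimeBackend({("admin", "483920")})   # constructed sample token
    server = AAAServer(backend, cache_ttl)
    accepted = sum(browser_burst(server, "admin", "483920"))
    backend_calls = backend.calls
    late_replay = server.authenticate("admin", "483920", now=3601.0)
    return accepted, backend_calls, late_replay

if __name__ == "__main__":
    print("no cache :", run(0))       # (1, 12, False)
    print("1h cache :", run(3600))    # (12, 1, False)
```

The cache lifetime is also the period during which a captured token is accepted again, so in this model the shortest window that still covers a management session is the safer setting.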
