Xauth password Caching !!!

Hi All

I have noticed that the Xauth authentication password is cached in the VPN client by default.

How can I turn this off?

Login with UID+PW works

Login with UID+"blank" works

Login with UID+"wrongpw" doesn't work

Login with wrong UID+"blank" doesn't work

Xauth is TACACS from a Cisco ACS Server.

Both VPN Client versions, 3.5.2C and 3.6.3C, have this caching.

Termination point: PIX 515 ver 6.1(4)

/Brgds Stefan


Re: Xauth password Caching !!!

Hi,

Please copy-paste the PIX config and debugs (crypto) for your second combination mentioned above.

Looking at the ACS logs would help as well.

The client should not save the XAUTH password by default.

Thx

Afaq

Re: Xauth password Caching !!!

Hi Afaq

I have investigated this further, and it seems it's not a VPN client or Pix problem.

The problem resides either in the ACS server or our LDAP database.

Seems like our ACS Server v2.4 doesn't understand the LDAP return codes on "blank passwords", so the TACACS thinks it gives an acceptable value.

Has anyone familiar with the Cisco ACS Server heard of such a problem?

My first step is to upgrade to ACS 2.6. Any other ideas?

/Brgrds Stefan
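
The four login results in the original question match what an authentication front end sees when its LDAP back end accepts an unauthenticated simple bind (non-empty DN, empty password; RFC 4513 section 5.1.2) and the front end treats the success code as proof of identity. The following is an added example, not code from the thread or from Cisco ACS; the directory class, the user data and the function names are constructed, and whether this is what happened on the poster's ACS 2.4 is an assumption.

```python
# Added example. FakeDirectory, the users and both auth functions are
# constructed for illustration; no real LDAP server or ACS code is involved.
SUCCESS, INVALID_CREDENTIALS = 0, 49  # LDAP resultCode values (RFC 4511)


class FakeDirectory:
    """Stand-in for an LDAP server that allows unauthenticated binds."""

    def __init__(self, users):
        self.users = users  # uid -> password (constructed sample data)

    def find_dn(self, uid):
        # The front end first searches for the user's entry.
        if uid in self.users:
            return f"uid={uid},ou=people,dc=example,dc=com"
        return None

    def simple_bind(self, dn, password):
        if password == "":
            # Unauthenticated bind: the server answers success, but the
            # session is anonymous and the DN was never verified.
            return SUCCESS
        uid = dn.split(",")[0].split("=", 1)[1]
        ok = self.users.get(uid) == password
        return SUCCESS if ok else INVALID_CREDENTIALS


def naive_auth(directory, uid, password):
    """Treats any successful bind as proof of identity."""
    dn = directory.find_dn(uid)
    return dn is not None and directory.simple_bind(dn, password) == SUCCESS


def hardened_auth(directory, uid, password):
    """Rejects empty credentials before they ever reach the directory."""
    if not uid or not password:
        return False
    return naive_auth(directory, uid, password)


def run_matrix(auth, directory):
    """Replays the four combinations listed in the original question."""
    cases = [("alice", "s3cret"), ("alice", ""),
             ("alice", "wrongpw"), ("nobody", "")]
    return [auth(directory, uid, pw) for uid, pw in cases]


if __name__ == "__main__":
    d = FakeDirectory({"alice": "s3cret"})
    print("naive   :", run_matrix(naive_auth, d))
    print("hardened:", run_matrix(hardened_auth, d))
```

The naive check reproduces the reported pattern (valid UID with a blank password is accepted); the hardened check accepts only the correct password. Disabling unauthenticated binds on the directory itself, where the server supports it, closes the same gap on the back-end side.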
