Cisco Support Community

ACS v5.5 CHAP/MD5 internal users failing to authenticate

We have recently purchased some firewalls for a new environment that we configured to use in FIPS mode. Because the firewalls are in FIPS mode, the only RADIUS authentication protocol they can use is CHAP/SHA-1. We originally were having issues authenticating internal users in ACS v5.4 because (based on the Authentication_Trend logs) it looks like the ACS was looking for CHAP/MD5. We upgraded to v5.5 because we saw there was the ability to put the ACS into FIPS mode; however, it looks like CHAP has to be disabled as a RADIUS authentication protocol due to MD5 not being FIPS compliant. Just curious if there is any way to have the ACS look for CHAP that uses a different hashing algorithm (like a SHA-*). If not, this would be a useful enhancement for the future.
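For reference on what the ACS is doing when it "looks for CHAP/MD5": the following is an added illustration, not code from the thread or from Cisco ACS. It implements the CHAP response from RFC 1994 and the RADIUS CHAP-Password check from RFC 2865 section 5.3, where the digest is fixed by the protocol as MD5(Identifier || secret || Challenge). The password, challenge and identifier values are constructed sample data, and `demo()` is a hypothetical helper that exists only to exercise the functions. Note that the verifier needs the user's cleartext password to recompute the digest, which is why the identity store the user lives in matters for CHAP.

```python
import hashlib
import hmac

# Constructed sample values (not from the thread): a user's cleartext
# password as held in an internal identity store, a 16-octet challenge,
# and the 1-octet CHAP Identifier.
SAMPLE_SECRET = b"correct horse battery staple"
SAMPLE_CHALLENGE = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
SAMPLE_IDENT = 0x2A


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP: Response Value = MD5(Identifier || secret || Challenge).

    The hash is fixed by the protocol; CHAP has no hash negotiation, so the
    server always computes an MD5 digest here.
    """
    if not 0 <= ident <= 0xFF:
        raise ValueError("CHAP Identifier is a single octet")
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def build_chap_password(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 2865 section 5.3 CHAP-Password value as the client sends it:
    CHAP Ident (1 octet) followed by the 16-octet response, 17 octets total."""
    return bytes([ident]) + chap_response(ident, secret, challenge)


def verify_chap_password(chap_password: bytes, challenge: bytes,
                         stored_secret: bytes) -> bool:
    """Server-side check on an Access-Request carrying CHAP-Password.

    The challenge is the CHAP-Challenge attribute or, when that attribute is
    absent, the 16-octet Request Authenticator of the Access-Request.  The
    server must have the cleartext password to recompute the digest.
    """
    if len(chap_password) != 17:
        return False
    ident = chap_password[0]
    expected = chap_response(ident, stored_secret, challenge)
    # Constant-time comparison of the recomputed and received responses.
    return hmac.compare_digest(expected, chap_password[1:])


def demo() -> dict:
    """Hypothetical helper: run one client/server exchange on the sample data."""
    pw = build_chap_password(SAMPLE_IDENT, SAMPLE_SECRET, SAMPLE_CHALLENGE)
    return {
        "chap_password_hex": pw.hex(),
        "accepted": verify_chap_password(pw, SAMPLE_CHALLENGE, SAMPLE_SECRET),
        "rejected_wrong_password": verify_chap_password(
            pw, SAMPLE_CHALLENGE, b"not the password"),
        "rejected_replayed_challenge": verify_chap_password(
            pw, bytes(16), SAMPLE_SECRET),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On a host whose OpenSSL is running in FIPS mode, the `hashlib.md5()` call in `chap_response` is itself typically refused, which is the same constraint the ACS applies when it requires CHAP to be disabled in FIPS mode: the protocol leaves the server no hash other than MD5 to compute.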

1 REPLY

Hello,

ACS is FIPS compliant since version 5.4; however, there are other things to consider.

 

Where is the user held: internally on the ACS or in an external DB? If external, what DB are you using?

 

Regards,

 

Erdelgad
