Using Certificates and User Login Credentials
The following section describes the different methods of using certificates and user login credentials
(username and password) for authentication and authorization. This applies to both IPSec and WebVPN.
In all cases, LDAP authorization does not use the password as a credential. RADIUS authorization uses
either a common password for all users or the username as a password.
Using User Login Credentials
The default method for authentication and authorization uses the user login credentials.
• Authentication
  – Enabled by authentication server group setting
  – Uses the username and password as credentials
• Authorization
  – Enabled by authorization server group setting
  – Uses the username as a credential
Using Certificates
If user digital certificates are configured, the security appliance first validates the certificate. It does not,
however, use any of the DNs from the certificates as a username for the authentication.
If both authentication and authorization are enabled, the security appliance uses the user login
credentials for both user authentication and authorization.
• Authentication
  – Enabled by authentication server group setting
  – Uses the username and password as credentials
• Authorization
  – Enabled by authorization server group setting
  – Uses the username as a credential
If authentication is disabled and authorization is enabled, the security appliance uses the primary DN
field for authorization.
• Authentication
  – DISABLED (set to None) by authentication server group setting
  – No credentials used
• Authorization
  – Enabled by authorization server group setting
  – Uses the username value of the certificate primary DN field as a credential
Cisco Security Appliance Command Line Configuration Guide
13-16
Chapter 13
Configuring AAA Servers and the Local Database
OL-12172-03
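The two certificate cases described in this section, shown as an added configuration sketch that is not part of the Cisco guide. The tunnel-group and server-group names are hypothetical, the AAA server groups and tunnel groups are assumed to exist already, and the commands are the ASA tunnel-group general-attributes commands, which this page does not itself list.

```cisco
! Added example, not from the guide.
! RADIUS_AUTH, LDAP_AUTHZ, CERT_PLUS_LOGIN and CERT_ONLY are hypothetical names.

! Case 1: authentication and authorization both enabled.
! The certificate is validated first; the login username and password are
! then used for authentication and the login username for authorization.
! No certificate DN is used as a username.
tunnel-group CERT_PLUS_LOGIN general-attributes
 authentication-server-group RADIUS_AUTH
 authorization-server-group LDAP_AUTHZ
 ! Refuse the connection if authorization does not succeed.
 authorization-required

! Case 2: authentication disabled (NONE), authorization enabled.
! No login credentials are used, so certificate validation is the only
! identity check. The username sent to the authorization server is taken
! from the certificate's primary DN field (CN chosen here as an example).
tunnel-group CERT_ONLY general-attributes
 authentication-server-group NONE
 authorization-server-group LDAP_AUTHZ
 authorization-required
 authorization-dn-attributes CN
```

In both cases the authorization server receives only a username, never the user's password, which matches the LDAP and RADIUS behavior stated at the top of this section.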