Introduction > Authentication

Authentication
ACS supports a number of authentication methods that can help the administrator with the user management. Authentication can be performed locally or with a remote server, such as RADIUS, TACACS+, LDAP, or Kerberos. An authentication security fallback mechanism is also employed, should the negotiation process with the authentication server fails. In such situations, the ACS follows an alternate defined rule when authentication server is down or does not authenticate the user.
The following table lists the supported authentication methods.
ACS Supported Authentication Methods
Authentication is performed against an LDAP database using an LDAP server.
Authentication is performed locally. For example using the /etc/passwd file.
Authentication is performed locally first, switching to Radius if unsuccessful.
Authentication is performed locally first, switching to TACACS+ if unsuccessful.
Authentication is performed locally first, switching to NIS if unsuccessful.
Uses the one time password (OTP) authentication method.
Authentication is performed using a TACACS+ authentication server.
TACACS+ authentication is tried first, switching to Local if unsuccessful.

Introduction > Authentication