Details

The default security method for processing authentication requests. The realm allows the protected resources on the associated server to be partitioned into a set of protection spaces, each with its own authentication and authorization database. The methods can be:


- Local - Uses the local username or password database for authentication.


- RADIUS - Uses the global pool of RADIUS servers for authentication.


- TACACS+ - Uses the global pool of TACACS+ servers for authentication.


- LDAP - Uses the global pool of LDAP servers for authentication.


- RSA - Uses the global pool of RSA servers for authentication.


- SAML - Uses the SAML server for authentication.



The default realm is Local, but can be changed.



Note: If LDAP, RADIUS, or TACACS+ is specified as the default security method and the associated provider group specified in this dialog is not available to provide authentication during a user login, fallback local authentication is not executed by the APIC server unless it is specifically configured to do so.


Solution

Log in to the Cisco APIC Web Console:
Navigate to 'Admin' -> 'AAA' -> 'Authentication'.

In the 'Default Authentication' section, ensure 'Realm' is not set to 'Local'.
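The same check can be run against a saved APIC REST response instead of the web console. This is an added example, not part of the original control text. It assumes the default authentication settings are exposed as the object class `aaaDefaultAuth` with `realm` and `providerGroup` attributes (for instance from a query to `/api/node/class/aaaDefaultAuth.json`); the sample responses and the provider group name are constructed.

```python
import json

# Constructed sample responses (not captured from a real APIC).
SAMPLE_LOCAL = json.dumps({"totalCount": "1", "imdata": [{"aaaDefaultAuth": {
    "attributes": {"dn": "uni/userext/authrealm/defaultauth",
                   "realm": "local", "providerGroup": ""}}}]})
SAMPLE_TACACS = json.dumps({"totalCount": "1", "imdata": [{"aaaDefaultAuth": {
    "attributes": {"dn": "uni/userext/authrealm/defaultauth",
                   "realm": "tacacs", "providerGroup": "example-tacacs-group"}}}]})


def audit_default_auth(response_text):
    """Return one result dict per aaaDefaultAuth object in an APIC REST response.

    Raises ValueError when the response is not JSON or holds no such object,
    so a failed or empty query is never mistaken for a passing check.
    """
    try:
        body = json.loads(response_text)
    except ValueError as exc:
        raise ValueError("response is not valid JSON") from exc
    imdata = body.get("imdata", []) if isinstance(body, dict) else []
    results = []
    for entry in imdata:
        if not isinstance(entry, dict) or "aaaDefaultAuth" not in entry:
            continue
        attrs = entry["aaaDefaultAuth"].get("attributes", {})
        realm = attrs.get("realm", "").strip().lower()
        results.append({
            "dn": attrs.get("dn", ""),
            "realm": realm,
            # Reported so the reviewer can confirm the group is reachable (see the Note).
            "provider_group": attrs.get("providerGroup", ""),
            # The control fails when the realm is Local or missing.
            "compliant": realm not in ("", "local"),
        })
    if not results:
        raise ValueError("no aaaDefaultAuth object in response")
    return results


if __name__ == "__main__":
    for sample in (SAMPLE_LOCAL, SAMPLE_TACACS):
        for r in audit_default_auth(sample):
            status = "PASS" if r["compliant"] else "FAIL"
            print(f"{status} {r['dn']} realm={r['realm']} group={r['provider_group']!r}")
```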


This security hardening control applies to the following category of controls within NIST 800-53: Access Control. This control applies to the following type of system: Cisco_ACI.

