Token cards can be software or hardware devices. The hardware devices are usually about the size of a credit card and contain a numeric keypad. When a user wants to authenticate, the user keys in a secret PIN, and a token string password is generated. The user enters his or her username and token string password when prompted by the NAS. From there, the process of communication is the same as described earlier with the external database server being a token card server that determines whether the username and token string password are valid.
Because token card servers use proprietary protocols for communication, CSACS supports only specific token card servers. Some of the token card vendors supported follow:
|