162 Security
Notes
• The external user and password information is transmitted as plain text during
RADIUS login. Use HTTPS login as an alternative to HTTP.
• The local logins does not perform hashing of the password in external RADIUS login.
Hence, HTTPS / TLS encryption is used for password encryption.
• Local user accounts can be left active on side of the external RADIUS user accounts.
Local accounts should have strong passwords. In cases when RADIUS server is
unreachable (e.g. due to lost network connection), local login will be enabled once per
failed RADIUS login even if the local logins are disabled.
Protocol level implementation for RADIUS
On protocol level, NETA-21 sends a RADIUS access request to RADIUS server with
attributes as follows:
Attribute name Attribute ID Value
Vendor-ID 56 “ABB” (ID 100)
Vendor-Sub-Type 57 “Drives” (ID 101)
NETA-21 module
Web browser
(HTML / Javascript)
Login dialog
HTTPS frontend
(HTTP not
recommended)
Username,
Password,
Auth.method
(as plaintext)
Over HTTPS
Local DB (settings,
RADIUS server setup,
allowed RADIUS user
name filter)
User
accounts
RADIUS
authentication
server in
network
DataHub with
internal settings
and local user
accounts
RADIUS-protocol
Basic (RFC2865)
EAP-TTLS (RFC581)
To Next Page
Loading...
