88 NetApp AltaVault Cloud Integrated Storage Administration Guide
Beta Draft
Configuring security settings Configuring TACACS+ access
3. Click Apply to apply your changes to the running configuration.
4. To add a new RADIUS server, complete the configuration as described in this table.
If you add a new server to your network and you do not specify these fields at that time, the global settings are
applied automatically.
Configuring TACACS+ access
You can optionally set up TACACS+ (Terminal Access Controller Access-Control System) server authentication in
the Configure > TACACS+ page.
TACACS+ is an authentication protocol that allows a remote access server to forward a login password for a user to
an authentication server to determine whether access is allowed to a given system.
You can prioritize local, RADIUS, and TACACS+ authentication methods for the system and set the authorization
policy and default user for RADIUS and TACACS+ authorization systems in the General Settings page.
Timeout (seconds) Specify the time-out period in seconds (1 to 60). The default value is 3.
Retries Specify the number of times that you want to allow the user to retry authentication. The default
value is 1.
Control Description
Add a RADIUS Server Displays the controls for defining a new RADIUS server.
Hostname or IP Address Specify the hostname or IP address.
Authentication Port Specify the port for the server.
Authentication Type Select one of these authentication types:
• PAP - Password authentication protocol (PAP), which validates users before allowing them
access to the RADIUS server resources. PAP is the most flexible protocol but is less secure than
CHAP.
• CHAP - Challenge-Handshake Authentication Protocol (CHAP), which provides better security
than PAP. CHAP validates the identity of remote clients by periodically verifying the identity of
the client using a three-way handshake. This happens at the time of establishing the initial link
and might happen again at any time afterwards. CHAP bases verification on a user password
and transmits an MD5 sum of the password from the client to the server.
Override the Global
Default Key
Select this check box to override the global server key for the server and specify the following:
• Server Key - Specify the override server key.
• Confirm Server Key - Confirm the override server key.
Timeout (seconds) Specify the time-out period in seconds (1 to 60). The default value is 3.
Retries Specify the number of times that you want to allow the user to retry authentication. Valid values
are 0 to 5. The default value is 1.
Enabled Select the check box to enable the new server.
Add Adds the RADIUS server to the list.
Remove Selected Select the check box next to the name and click Remove Selected.
Control Description
To Next Page
Loading...
