Chapter 9: Authentication
202 Console Server & RIM Gateway User Manual
When a user attempts to log in but does not already have an account on the console server, a new user account
will be created. This account will have no rights and no password set. Such accounts will not appear in the
Opengear configuration tools.
Automatically added accounts will not be able to log in if the remote servers are unavailable. RADIUS users are
currently assumed to have access to all resources, so they will only be authorized to log in to the console server.
RADIUS users will be authorized each time they access a new resource.
• Admin rights granted over AAA:
Users may be granted Administrator rights via networked AAA. For TACACS, a priv-lvl of 12 or above indicates an
administrator. For RADIUS, administrators are indicated via the Framed-Filter-Id. (See the example configuration
files below.)
• Authorization via TACACS for both serial ports and host access:
Permission to access resources may be granted via TACACS by indicating an Opengear Appliance and a port or
networked host the user may access. (See the example configuration files below.)
TACACS Example:
    user = tim {
        service = raccess {
            priv-lvl = 11
            port1 = cm4001/port02
            port2 = 192.168.254.145/port05
        }
        global = cleartext mit
    }
RADIUS Example:
    paul Cleartext-Password := "luap"
        Service-Type = Framed-User,
        Fall-Through = No,
        Framed-Filter-Id=":group_name=admin:"
The list of groups may include any number of entries separated by commas. If the admin group is included, the
user will be made an Administrator.
If there is already a Framed-Filter-Id, simply add the list of group_names after the existing entries, including the
separating colon ":".
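The following audit sketch is an added example, not part of the Opengear manual or firmware: it reads a FreeRADIUS-style users file, extracts the group_name list from each Framed-Filter-Id, and reports which accounts would be made Administrators, alongside the TACACS priv-lvl rule above. The colon-separated parsing, the function names and the sample entries (including the "std.filter" value and the user carol) are assumptions constructed for illustration.

```python
import re

# Threshold stated in the manual: a TACACS priv-lvl of 12 or above is an administrator.
TACACS_ADMIN_PRIV_LVL = 12

def groups_from_filter_id(value):
    """Return the group names carried in one Framed-Filter-Id value."""
    # Assumed layout, based on the manual's example: colon-separated entries,
    # one of which is 'group_name=<g1>,<g2>,...'. Other entries are ignored.
    groups = []
    for entry in value.split(":"):
        key, sep, rest = entry.partition("=")
        if sep and key.strip() == "group_name":
            groups += [g.strip() for g in rest.split(",") if g.strip()]
    return groups

def radius_admins(users_text):
    """Map each user in a users file to its groups and an admin flag."""
    found, user = {}, None
    for line in users_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():      # an unindented line starts a user entry
            user = line.split()[0]
            found[user] = []
            continue
        m = re.match(r'\s*Framed-Filter-Id\s*[:+]?=\s*"([^"]*)"', line)
        if m and user:
            found[user] += groups_from_filter_id(m.group(1))
    return {u: {"groups": g, "admin": "admin" in g} for u, g in found.items()}

def tacacs_is_admin(priv_lvl):
    """Apply the manual's priv-lvl rule to one TACACS user."""
    return int(priv_lvl) >= TACACS_ADMIN_PRIV_LVL

# Constructed sample input; 'carol' and 'std.filter' are hypothetical.
SAMPLE_USERS = '''
paul Cleartext-Password := "luap"
    Service-Type = Framed-User,
    Fall-Through = No,
    Framed-Filter-Id=":group_name=admin:"
carol Cleartext-Password := "example-only"
    Framed-Filter-Id = "std.filter:group_name=port-users,lab:"
'''

if __name__ == "__main__":
    for name, info in radius_admins(SAMPLE_USERS).items():
        print(name, info)
    print("tim (priv-lvl 11) admin?", tacacs_is_admin(11))
```

Running a check like this against the AAA server's user database after each change gives a quick list of accounts holding Administrator rights on the console server.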
9.3 SSL Certificate
The console server uses the Secure Socket Layer (SSL) protocol to encrypt network traffic between itself and a
connected user. During connection establishment, the console server has to present its identity to the user's browser
using a cryptographic certificate. The default certificate that comes with the console server upon delivery is for
testing purposes only and should not be relied on for secured global access.
The System Administrator should not rely on the default certificate as the secured
global access mechanism for use through the Internet.