Alteon Application Switch Operating System Application Guide
Securing Alteon
76 Document ID: RDWR-ALOS-V2900_AG1302
• Using an SCP-only administrator password—Use the command
/cfg/sys/access/sshd/scpadm to bypass the checking of SecurID.
Note: The /cfg/sys/access/sshd/scpadmin command is only available when connected
through the console port for the Global Administrator, and Telnet for the vADC Administrator.
An SCP-only administrator's password is typically used when SecurID is used. For example, it
can be used in an automation program (in which the tokens of SecurID are not available) to
back up (download) the configurations each day.
Note: The SCP-only administrator password must be different from the regular administrator
password. If the two passwords are the same, the administrator using that password is not
allowed to log in as an SSH user because Alteon recognizes him as the SCP-only administrator,
and only allows the administrator access to SCP commands.
Alternately, you can configure a regular administrator with a fixed password in the RADIUS
server if it can be supported. A regular administrator with a fixed password in the RADIUS server
can perform both SSH and SCP with no additional authentication required.
End User Access Control
Alteon allows an administrator to define end user accounts that permit end users to operationally act
on their own real servers via the CLI commands. Once end user accounts are configured and
enabled, Alteon requires username and password authentication.
For example, an administrator can assign a user to manage real servers 1 and 2 only. The user can
then log into Alteon and perform operational commands (effective only until the next reboot), to
enable or disable the real servers, or change passwords on the real servers.
Considerations for Configuring End User Accounts
• Only one user ID can be assigned to a real server resource to enable or disable a real server.
Consequently, a single end user may be assigned the maximum number of real servers that can
be configured, to the exclusion of any other users.
• A maximum of 10 user IDs are supported.
• The administrator must ensure that all real and backup servers or groups belonging to a virtual
service are owned by the same end-user ID. Alteon does not validate configurations. The
criterion for displaying virtual service information for end users is based on the validation of
ownership of the first real server in the group for a given virtual server port.
• Alteon has end-user support for console and Telnet access. As a result, only very limited access
is granted to the primary administrator under the BBI/SSH1 mode of access.
• RADIUS authentication and user passwords cannot be used concurrently to access Alteon.
• Passwords can be up to 128 characters for TACACS, RADIUS, Telnet, SSH, console, and Web
access.
User Access Control Menu
The End User Access Control menu is located in the System Access menu:
>> # /cfg/sys/access/user
To Next Page
Loading...
Need help?
General