Manualshelf

Troubleshooting guide

ManualsBrandsAlcatel ManualsComputer equipmentSecurity Management Server (SMS) Release 9.4
31323334353637383940
2 — 5620 SAM user security tasks
Alcatel-Lucent 5620 Service Aware Manager 2-13
5620 SAM
System Administrator Guide
When a remote 5620 SAM GUI or OSS session terminates, the user account for the
session does not get deleted. This allows remote authenticated users to keep details
such as filters defined between sessions.
One-time password use
For increased security, a GUI user can provide an authentication token to a RADIUS
or TACACS+ server that is validated only once. This is called one-time password
use. You can enable one-time password use during 5620 SAM remote authentication
policy configuration. See Procedure 2-33 for more information.
After a communication failure between a GUI client and a 5620 SAM main server
when one-time password use is in effect, the GUI client is unable to obtain
authentication using the cached credentials from the previous login attempt. When
this occurs, the client prompts the GUI user to log in to the remote authentication
server again, but does not automatically close the GUI, in order to preserve the
current view until the user is ready to log in again.
Combined local and remote authentication
Many organizations already have existing TACACS+ or RADIUS authentication of
users, based on long standing TACACS+ and RADIUS user accounts and
passwords. You can incorporate new 5620 SAM user accounts for local 5620 SAM
authentication with existing TACACS+ or RADIUS user accounts.
Consider the following:
A system administrator can integrate the existing TACACS+ or RADIUS user
accounts with 5620 SAM user accounts.
You can create a 5620 SAM user name that exactly matches a TACACS+ or
RADIUS user name.
A 5620 SAM user name can be 1 to 80 characters in length, which is sufficient to
match most remote authentication user names.
Note 1 — The one-time password function is not available to OSS
clients.
Note 2 — To change the one-time password setting in a remote
authentication policy, you require a scope of command that has
Update/Execute access to the srmrmtauth package.
Release 12.0 R6 | November 2014 | 3HE 08861 AAAF TQZZA Edition 01