User's guide

CHAPTER 15
User Authorization and Access Control
Oracle’s Identity Management System (IMS) service authenticates users and grants
them suitable privileges according to assigned user roles when users access the
Oracle Fabric Interconnect. The IMS service can be one of:
XgOS local system, which is always present
Microsoft Active Directory (AD)
Remote Authentication Dial In User Service (RADIUS)
Once you apply the configuration, the IMS service is completely transparent to the
operator.
The IMS server functions as a central authentication, authorization, and accounting
(AAA) repository. You can use either the internal (local) IMS or an external IMS to
control authorization. The internal service is always in place so that you can
still log in to the chassis with a local account if connections to an
external service are lost.
You can choose to use only the internal IMS if it meets your needs. However, many
users will want to take advantage of pre-existing user accounts on another system.
In that case, you can configure an external IMS and those users will also have access.
This chapter provides information about the IMS and the local and external systems
that you can use. It contains the following sections:
“Configuring IMS”
“Using the Internal IMS”
“Using Active Directory as the IMS”
“Using Role Group Mappings for AD/LDAP Users”
“Using RADIUS as the IMS”
“Common IMS Operations”
“Setting the Shell Inactivity Timeout for Root User”