Manualshelf

Service manual

ManualsBrandsAvocent ManualsComputer equipmentCyclades ACS
41424344454647484950
33
CHAPTER
3
Security
This chapter describes the procedures for configuring authentication service(s) that the console
server and its connected devices use. Authentication is the process by which the system, or more
specifically, an authentication service such as Kerberos, LDAP or TACACS+, verifies the identity
of users as well as confirms receipt of communication to authorized recipients.
Security Profiles
The console server includes a set of security profiles that consist of predefined parameters to
control access to the console server and its serial ports. To select a predefined or define a custom
security profile refer to Security Profiles on page 15.
NOTE: As an additional security measure, all serial ports are disabled by default, which allows the administrator
to enable and assign individual ports to users.
Authentication
The console server supports a number of authentication methods that may help the administrator
with the user management. Authentication may be performed locally or with a remote server, such
as RADIUS, TACACS+, LDAP, NIS or Kerberos. Should the negotiation process with the
authentication server fail, an authentication security fallback mechanism is also employed. In such
situations, the console server follows an alternate defined rule when the authentication server is
down or does not authenticate the user.
CAUTION: If you set the authentication service in the console server to NIS, make sure that there is an entry for
user id 0 (zero - the root user) in the NIS server. If you do not want an entry for user id 0 in the NIS server, set the
authentication service in the console server to Nis/Local. Otherwise, root will not be able to ssh out of the console
server, sudo will not work and the DSView
®
3 software plug-in will not work.
NOTE: NIS does not work if Security Profile is set to Moderate or Secured. It only works if the Security Profile is
Open.
To configure serial port authentication:
1. Execute the following command for one or multiple serial ports. Refer to Table 3.1 for
authentication parameters.