Specifications
67
Authentication Modules
As mentioned previously, there are differences in the level of control available for the configuration of
a module. This section describes each of the modules.
Authentication
Type
Password
Primary/ Secondary
Client Certificate
Primary/ Secondary
IP
Primary
Authentication Key
Primary/ Secondary
PIN Number
Primary/ Secondary
Personal Questions
Secondary
OTP (One Time Password)
Secondary
RADIUS
Primary/ Secondary
The above table also shows what type an authentication module is. Type defines the order of the
associated module. A primary module defines that the authentication module is capable of accepting a
username and thus these types of modules should be placed first. Any module which has ‘primary/
secondary’ type can be placed as a primary module or a secondary module but any module which is
strictly typed as, ‘secondary’ cannot be placed first in a scheme.
The authentication scheme system enforces this by disallowing a secondary scheme to be positioned at
the top of the chain.
A brief summary of the available modules is listed in the following sections.
Password Authentication
This is the most commonly used authentication scheme and it is the simplest and easiest to configure.
Both Default and Password and Personal Details rely on the Password authentication module; the first
as a single scheme the second as part of a two-factor scheme.
The length, format and expiration of passwords are all configurable, however initially these parameters
are defaulted and whenever the administrator creates an account a password must be attached.
Creating a Password
A password is assigned the first time a user is created. As the screenshot below shows the password
can be redefined the first time the user logs into the system by selecting the checkbox.
For further information on creating passwords refer to the chapter titled, Creating Accounts.