Cisco TV CDS 2.5 ISA Software Configuration Guide
OL-24788-01
Chapter 7 System Maintenance
User Access
Login authentication is used to control user access and configuration rights to the CDSM. Login
authentication is the process by which the CDSM verifies whether the person who is attempting to log
in to the CDSM has a valid username and password. If the local database is used, the person logging in
must have a user account created on the CDSM. If an external server is used, the user account
information is stored in an authentication database, and the CDSM must be configured to access the
particular authentication server (or servers) where the database is kept.
Each user is assigned an access level. The CDS provides the following levels of user configuration rights:
• Read only access provides access to the monitoring capabilities, reports, and user manuals.
• Read/write access provides the ability to change the configuration settings and monitor all aspects
of the system. In addition, a user with read/write access can perform software upgrades, restart
servers, and restart services in a CDS.
• Master access has all the privileges of the read/write level and can add, delete, and change the level
of access of the other users.
• Engineering access is primarily used for initializing the CDS at the time of installation and for CDS
diagnostics. After your CDS has been configured, you should not require a user with engineering
access level for day-to-day operations.
There is one built-in user, “admin,” that has master user capabilities. This is the only user that exists on
a new system.
Caution: If you are using RADIUS or TACACS+ for login authentication, make sure the configuration is correct
and the server is operating correctly. If RADIUS or TACACS+ is not configured correctly, or if the
RADIUS or TACACS+ server is not online, then the users may be unable to log in to the CDSM.
Local Database User Password Encryption
Passwords are not stored as clear text in the local database; they are stored using Secure Hash Algorithm
(SHA) with a randomly generated salt for increased security. When a user logs in to the CDSM, SHA-1 is
used to generate the hashed version of the password the user entered, including the randomly generated
salt, which is then sent for authentication. If it matches the hashed version stored in the database,
the user is allowed access to the CDSM; otherwise, access is denied.
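The store-and-verify flow described above, as an added Python example that is not Cisco's code and does not reproduce the CDSM's actual storage format. The salt length, the salt-then-password concatenation order, and the `salt$digest` record layout are assumptions, since the guide does not specify them.

```python
import hashlib
import hmac
import os
from typing import Optional

SALT_LEN = 16  # assumption: the guide does not state the salt length


def make_record(password: str, salt: Optional[bytes] = None) -> str:
    """Build the value kept in the user database: 'salt_hex$sha1_hex'.

    The clear-text password is never stored; the salt is stored beside
    the digest because it is needed again at login time.
    """
    if salt is None:
        salt = os.urandom(SALT_LEN)  # fresh random salt for every user
    digest = hashlib.sha1(salt + password.encode("utf-8")).hexdigest()
    return f"{salt.hex()}${digest}"


def verify(password: str, record: str) -> bool:
    """Re-hash the entered password with the stored salt and compare."""
    try:
        salt_hex, stored = record.split("$")
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False  # malformed record: deny access
    candidate = hashlib.sha1(salt + password.encode("utf-8")).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(candidate.encode(), stored.encode())


if __name__ == "__main__":
    # Constructed sample data: two users who happen to share a password.
    alice = make_record("Example-Pass-1")
    bob = make_record("Example-Pass-1")
    print("records differ:", alice != bob)  # different salts, different digests
    print("correct password:", verify("Example-Pass-1", alice))
    print("wrong password:", verify("example-pass-1", alice))
```

Because each record carries its own random salt, two users with the same password get different stored values, so one database entry does not reveal that another account shares the password.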