System information

Introduction 5
OnBoard Authentication Options
•The AuthType/Local and AuthType/DownLocal authorization methods are
referred to as authentication methods with local fallback options.
Administrators can specify separate authentication types for OnBoard
logins and for connected devices.
Local and OTP authentication methods and the authentication methods
that have local fallback options require user accounts configured on the
OnBoard.
If an authentication server for a specified authentication method is down,
and a local fallback option is not configured, then authentication fails for
regular users. administrative users and for root.
Note: If the authentication server is not available or the user account is not
configured properly, then the OnBoard administrator needs to work with the
authentication servers administrator to fix the problem. If logins to the
OnBoard are not allowed, the root user can use the procedure in “Recovering
From Login Failure” on page 340 to fix the lock-out.
If configuring any authentication method other than Local, the administrator
user must make sure an authentication server is set up for that method as
itemized in the following list.
The OnBoard must have network access to an authentication server set up
for every authentication method specified.
Each authentication server must be configured and operational.
The administrator configuring the OnBoard needs to work with the
administrator of each authentication server to get user accounts set up and
to obtain information needed for configuring access to the authentication
server on the OnBoard.
For example, if LDAP authentication is to be used for logins to the OnBoard
and if Kerberos authentication is to be used for logins to devices, then the
OnBoard needs to have network access to both an LDAP and a Kerberos
authentication server, and the administrator needs to perform configuration on
the OnBoard for each type of authentication server.
Note: This section discusses only the types of authentication used for
controlling who can access the OnBoard and connected devices. Other