User`s guide
Introduction 7
OnSite Authentication Options
OnSite Authentication Options
Anyone accessing the OnSite must log in by entering a username and
password. Controlling access by requiring users to enter names and passwords
is called authentication. The usernames and passwords entered during login
attempts are checked against a database that lists all the valid usernames along
with their encrypted passwords. Access is denied if either the username or
password is not valid.
The password database can reside either locally (on the OnSite) or on an
authentication server on the network. Using one or more of the many types of
popular authentication methods supported on the OnSite can reduce
administrator workload when a user account needs to be added, modified, or
deleted.
Note: Even if a remote authentication server is specified, when an
administrative user logs in through the Web Manager or through the OSD,
then authentication for the administrative user account always falls back to
local authentication if the server is not available. For all other types of logins,
if an authentication method is specified without a local fallback (such as NIS/
DownLocal), and if the authentication server is not available, then
authentication fails and the user cannot log in.
Choosing Among Authentication Methods
The administrator can either accept the defaults or select among the many,
common, authentication methods available for the following types of access:
• For logins to the OnSite
The authentication method chosen for the OnSite is used for subsequent
access through telnet, ssh, or the Web Manager. By default, logins to
the OnSite use Local authentication.
• For logins to individual serial ports (and connected devices)
By default, logins to all serial ports use no authentication.
• For logins to all KVM ports (and connected devices)
By default, logins to the KVM ports use Local authentication