User`s guide
OnSite Authentication Options
14
AlterPath OnSite Administrator’s and User’s Guide
Authentication Server Requirements
If configuring any authentication method other than Local, OTP, or OTP/
Local, make sure an authentication server is set up for that method. The
following list is a summary of the requirements for authentication servers.
• The OnSite must have network access to an authentication server set up
for every authentication method specified.
• Each authentication server must be configured and operational.
• The administrator configuring the OnSite needs to work with the
administrator of each authentication server to get user accounts set up and
to obtain information needed for configuring access to the authentication
server on the OnSite.
For example, if LDAP authentication is to be used for logins to the OnSite and
if Kerberos authentication is to be used for logins to devices connected to
serial ports, then the OnSite needs to have network access to both an LDAP
and a Kerberos authentication server, and the administrator needs to perform
configuration on the OnSite for each type of authentication server.
Configuration on the OnSite involves supplying the required information to
identify the authentication server.
Group Authorization for LDAP, RADIUS, and
TACACS+ Authentication
Configuring group authorizations along with LDAP, RADIUS, and
TACACS+ authentication adds additional security. When configured for any
of the three listed authentication methods, group membership information is
retrieved from the authentication server. See “Configuring Groups on LDAP,
NTLM, RADIUS, and TACACS+ Authentication Servers” on page 512.
Local/TACACS+
Uses TACACS+
authentication if
local authentication
fails.
X
X
Table 1-3: Supported Authentication Types (Sheet 6 of 6)
Type Description OnSite KVM Ports Serial Ports