User Manual

Security Database Configuration
11-13
To configure the SCS KVNO, use the Set/Define Authentication Kerberos KVNO command.
Figure 11-29: Configuring the SCS KVNO
Note: By default, the KVNO is set to 1.
For additional Kerberos configuration instructions, see Set/Define Authentication on page 12-155.
11.4.3 RADIUS
The SCS supports the Remote Authentication for Dial-In User Services (RADIUS) protocol. RADIUS is a
centrally-located client-server security system.
Note: The SCS supports RADIUS as described in RFC 2058 and is intended to support
future versions when they become available.
RADIUS is geared towards large networks that have many communications servers, or many users for
which explicit security measures must be enforced. Its advantages are:
• Authentication information for multiple users, in multiple forms, can be stored in a single RADIUS server.
• The RADIUS server can be part of a local or wide-area network.
• RADIUS can be used with Kerberos and CHAP/PAP security.
• Passwords are not transmitted across the network in readable form.
Disadvantages include:
• Keeping authentication information on one server can be dangerous; the server should be backed up regularly.
• Those wishing to use RADIUS must use one of the database types that RADIUS supports (currently local RADIUS databases, UNIX password files, NIS files, Kerberos databases, and TACACS).
• RADIUS servers are subject to security attacks from users already on the network. More information can be found in RFC 2058 and in your RADIUS server's documentation.
RADIUS consists of two parts: authentication and accounting. Authentication is handled by the RADIUS
authentication server, which stores authentication information configured by the network administrator.
Accounting is handled by the RADIUS accounting server, which stores statistical information about
authenticated connections. RADIUS accounting and authentication can be implemented independently of
one another.
11.4.3.1 RADIUS Authentication
The general process of SCS user authentication using a RADIUS server is explained below.
1. A user connects to the SCS. The SCS prompts the user for a username and password, or CHAP/PAP authentication information if CHAP or PAP is configured.
Figure 11-29 (command shown): Local>> DEFINE AUTHENTICATION KERBEROS KVNO 1