User Manual

Security User Restrictions
If SecurID receives repeated authentication requests for an invalid username/password pair, it assumes that
a login attack is taking place and reacts by slowing its responses to the SCS more and more. Because the
SCS tries its authentication methods in precedence order, you can avoid this by giving SecurID the highest
precedence number, so that it is consulted only after the other methods have failed to accept the user. For
example, if you're using SecurID, Kerberos, and a UNIX password file, set SecurID's precedence to 3.
For additional SecurID configuration instructions, see Set/Define Authentication SecurID on page 12-162.
11.4.5 UNIX Password File
Trivial File Transfer Protocol (TFTP) can be used to retrieve files from remote systems. During
authentication, the SCS retrieves a UNIX password file via TFTP and checks its username and password
fields for the pair supplied by the user. The SCS cannot add, modify, or delete password file entries.
Note: The TFTP file is stored in UNIX /etc/passwd format and must be in a location reachable via
TFTP. The password field of each entry must contain the password hash itself: on systems that keep
hashes in a separate shadow file, /etc/passwd holds only a placeholder in that field, and a copy of
such a file cannot be used to verify anyone.
UNIX password files are advantageous because existing UNIX password files can be used. Their main
disadvantage is that TFTP poses a security risk: the protocol has no authentication and no encryption, so
if the SCS can retrieve the file, any other host that can reach the TFTP server can retrieve it as well (or
capture it in transit) and crack the password hashes offline. If your network is not trusted, you may not
want to use TFTP authentication.
Note: UNIX password file authentication is case-sensitive.
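The password-file check described above, as an added example that is not part of this manual or of the SCS firmware: a minimal TFTP read request and server (RFC 1350) show that the request carries no credentials at all, and the fetched /etc/passwd-format file is then parsed, audited for the hashes it exposes, and used for a case-sensitive username/crypt(3) password check. It goes beyond the manual by showing the wire exchange and the audit; the loopback server, the constructed sample file, the account names and password, and the use of Python's crypt module for the comparison are all assumptions of the example, since the manual does not say how the SCS compares the fields internally.

```python
"""Added example (not from the SCS manual): the UNIX-password-file check end to end,
from an unauthenticated TFTP read (RFC 1350) to the case-sensitive crypt(3) compare."""
import hmac
import socket
import struct
import threading

try:
    import crypt  # deprecated in Python 3.11, removed in 3.13; needed for the hash check
    CRYPT_AVAILABLE = True
except ImportError:
    CRYPT_AVAILABLE = False

# Constructed sample, not a real file: alice has a crypt(3) hash in field 2 (generated
# here to keep the example self-contained), bob is shadowed ("x"), svc is locked ("*").
ALICE_HASH = (crypt.crypt("Tr0ub4dor", crypt.mksalt()) if CRYPT_AVAILABLE
              else "$6$examplesalt$notverifiablewithoutcrypt")
SAMPLE_PASSWD = (
    f"alice:{ALICE_HASH}:1001:1001:Alice:/home/alice:/bin/sh\n"
    "bob:x:1002:1002:Bob:/home/bob:/bin/sh\n"
    "svc:*:1003:1003:Service:/var/svc:/sbin/nologin\n"
).encode()

RRQ, DATA, ACK, ERROR = 1, 3, 4, 5  # TFTP opcodes; a DATA block shorter than 512 ends the transfer

def build_rrq(filename, mode="octet"):
    # opcode | filename | 0 | mode | 0: the read request has no field for credentials
    return struct.pack("!H", RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"

def parse_packet(pkt):
    """RRQ -> (1, name, mode); DATA/ACK/ERROR -> (opcode, block or error code, bytes)."""
    (opcode,) = struct.unpack("!H", pkt[:2])
    if opcode == RRQ:
        name, mode, _ = pkt[2:].split(b"\0", 2)
        return opcode, name.decode(), mode.decode()
    (number,) = struct.unpack("!H", pkt[2:4])
    return opcode, number, pkt[4:]

def serve_once(sock, files):
    """Minimal read-only TFTP server: answers one RRQ from whoever sends it."""
    pkt, peer = sock.recvfrom(1024)
    opcode, name, _mode = parse_packet(pkt)
    data = files.get(name) if opcode == RRQ else None
    if data is None:
        sock.sendto(struct.pack("!HH", ERROR, 1) + b"File not found\0", peer)
        return
    for block in range(1, len(data) // 512 + 2):   # last block is short (possibly empty)
        chunk = data[(block - 1) * 512: block * 512]
        sock.sendto(struct.pack("!HH", DATA, block) + chunk, peer)
        sock.recvfrom(1024)                          # wait for the ACK (no retransmits)

def fetch_over_tftp(host, port, filename, timeout=2.0):
    """What any host that can reach the TFTP server can do: read the file."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_rrq(filename), (host, port))
        received, expected = bytearray(), 1
        while True:
            pkt, peer = sock.recvfrom(4 + 512)
            opcode, number, payload = parse_packet(pkt)
            if opcode == ERROR:
                raise OSError(f"TFTP error {number}: {payload!r}")
            if opcode == DATA and number == expected:   # ignore duplicates and strays
                received += payload
                sock.sendto(struct.pack("!HH", ACK, number), peer)  # ACK to the server's transfer port
                if len(payload) < 512:
                    return bytes(received)
                expected += 1

def parse_passwd(blob):
    """username -> password field (field 2) of each /etc/passwd-format line."""
    entries = {}
    for line in blob.decode().splitlines():
        fields = line.split(":")
        if len(fields) == 7 and not line.startswith("#"):
            entries[fields[0]] = fields[1]
    return entries

def exposed_hashes(entries):
    """Accounts whose hash is in the file: crackable offline by whoever fetched it."""
    return sorted(u for u, h in entries.items() if h not in ("", "x", "*") and not h.startswith("!"))

def verify(entries, username, password):
    """SCS-style check: exact (case-sensitive) username, then crypt(3) of the password."""
    if username not in exposed_hashes(entries):      # unknown, shadowed or locked: no hash to check
        return False
    if not CRYPT_AVAILABLE:
        raise RuntimeError("crypt module unavailable; cannot check the hash")
    computed = crypt.crypt(password, entries[username])
    return computed is not None and hmac.compare_digest(computed, entries[username])

def demo_loopback():
    """Serve the sample on 127.0.0.1, fetch it as an outsider would, and return the entries."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    worker = threading.Thread(target=serve_once, args=(srv, {"passwd": SAMPLE_PASSWD}), daemon=True)
    worker.start()
    blob = fetch_over_tftp("127.0.0.1", srv.getsockname()[1], "passwd")
    worker.join(2)
    srv.close()
    return parse_passwd(blob)
```

Calling demo_loopback() and then exposed_hashes() on its result lists only alice: the shadowed and locked entries give the SCS nothing to compare against, and the same fetch that the SCS performs hands alice's hash to any client on the network. Note that verify() treats "alice" and "Alice" as different users, matching the case-sensitivity note above, and that a real deployment should at least confine the TFTP server to serving that one file from a host the untrusted network cannot reach.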
To use a UNIX password file to authenticate users, use the Set/Define Authentication TFTP command:
Figure 11-34: Configuring the SCS to Use a UNIX Password File
Local>> DEFINE AUTHENTICATION TFTP PRECEDENCE 5
Local>> DEFINE AUTHENTICATION TFTP PRIMARY 192.0.1.50
Local>> DEFINE AUTHENTICATION TFTP SECONDARY 192.0.1.51
Specify the full pathname of the password file using the Set/Define Authentication TFTP Filename
command:
Figure 11-35: Specifying the Pathname of the Password File
Local>> DEFINE AUTHENTICATION TFTP FILENAME "/tftpboot/passwd"
11.5 User Restrictions
Individual SCS users may be restricted in a number of ways. They may be prevented from using particular
commands, forced to use a certain configuration, or forced to use a particular IP address.