User Manual

Security Network Restrictions
11-21
To execute commands when the user logs into the SCS, first ensure that authentication databases have been
configured; see Database Configuration on page 11-8 for instructions. Then associate commands with the
username using the Set/Define Authentication User Command command. The commands you specify
will be executed when the user is successfully authenticated.
Figure 11-41: Forcing User to Start a Particular Site
Local>> DEFINE AUTHENTICATION USER bob COMMAND "SET PPP dialin_users; logout"
In the previous example, when user bob logs into the SCS, he will automatically start PPP and run the site
dialin_users.
To ensure that the user is not left at the Local> prompt after the forced command finishes executing, the
string ;logout may be added.
11.5.7 Restricting Multiple Authenticated Logins
The Set/Define Authentication Unique Enabled command can be used to prevent a single PPP or Local
mode user from making multiple authenticated connections to the SCS.
For example, imagine that ports 1 through 8 have authentication enabled, but ports 9 through 16 do not. If
user george connects to port 2 and enters the correct password, he will be permitted to log in. If, while george
is connected to port 2, another user tries to log into port 3 using george as his username, he will be rejected.
Unique authentication applies only to ports that have authentication enabled. If user george connects to
port 2 and then attempts a second connection to port 9, the second login will be allowed because port 9 does
not have authentication enabled. Similarly, if george attempts an authenticated login to port 2 after another
user has logged into port 9 with username george, he will succeed (provided that he enters the correct
password) because he is the first user to log in as george on an authenticated port.
To enable unique authentication, enter the following command:
Figure 11-42: Preventing Multiple Authenticated Logins By Single Users
Local>> DEFINE AUTHENTICATION UNIQUE ENABLED
11.6 Network Restrictions
11.6.1 Incoming Telnet/Rlogin Connections
Incoming Telnet and Rlogin connections can be permitted without restriction, password protected, or
prevented entirely. By default, incoming Telnet and Rlogin connections are permitted without entering the
login password; to change this configuration, use the Set/Define Server Incoming command:
Figure 11-43: Preventing Incoming Telnet/Rlogin Logins
Local>> DEFINE SERVER INCOMING NONE
Local>> DEFINE SERVER INCOMING PASSWORD
Note: The complete syntax of the Set/Define Server Incoming command is discussed on
page 12-121.
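The following audit script is an added example, not part of the manual or the product. It checks a list of command lines, written in the form shown in the figures above, for the three settings this section covers: a forced command that does not end in logout, unique authentication not enabled, and incoming Telnet/Rlogin left at the default. The function name, finding codes, sample input, and the rule that a later line overrides an earlier one are assumptions made for the example.

```python
import re

# Constructed sample input: command lines in the form shown in this section.
SAMPLE = """\
Local>> DEFINE AUTHENTICATION USER bob COMMAND "SET PPP dialin_users; logout"
Local>> DEFINE AUTHENTICATION USER alice COMMAND "SET PPP dialin_users"
Local>> DEFINE SERVER INCOMING PASSWORD
"""

PROMPT = re.compile(r"^\s*Local>+\s*", re.I)
FORCED = re.compile(r'^(?:SET|DEFINE)\s+AUTHENTICATION\s+USER\s+(\S+)\s+COMMAND\s+"([^"]*)"', re.I)
UNIQUE = re.compile(r"^(?:SET|DEFINE)\s+AUTHENTICATION\s+UNIQUE\s+ENABLED\b", re.I)
INCOMING = re.compile(r"^(?:SET|DEFINE)\s+SERVER\s+INCOMING\s+(\S+)", re.I)


def audit(text):
    """Return (code, detail) findings for the three settings this section covers."""
    forced = {}       # username -> forced command string
    unique = False
    incoming = None   # None means never set, so the documented default applies
    for raw in text.splitlines():
        line = PROMPT.sub("", raw).strip()
        if m := FORCED.match(line):
            forced[m.group(1)] = m.group(2)   # assumption: a later line overrides
        elif UNIQUE.match(line):
            unique = True
        elif m := INCOMING.match(line):
            incoming = m.group(1).upper()

    findings = []
    for user, cmd in sorted(forced.items()):
        # The last ';'-separated step must be logout, or the user stays at Local>.
        steps = [s.strip().lower() for s in cmd.split(";")]
        if steps[-1] != "logout":
            findings.append(("FORCED_NO_LOGOUT", f"{user}: left at Local> after {cmd!r}"))
    if not unique:
        findings.append(("UNIQUE_OFF", "one username may hold several authenticated logins"))
    if incoming is None:
        findings.append(("INCOMING_DEFAULT", "Telnet/Rlogin accepted without the login password"))
    elif incoming not in ("NONE", "PASSWORD"):
        findings.append(("INCOMING_OTHER", f"SERVER INCOMING {incoming} is neither NONE nor PASSWORD"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE):
        print(f"{code}: {detail}")
```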