Creating Multiple Restrictions And Roles - HP AB500A - Integrated Lights-Out Advanced User Manual

Hp integrated lights-out 2 user guide for firmware 1.75 and 1.77

Hide thumbs Also See for AB500A - Integrated Lights-Out Advanced:

Technology brief (43 pages)

Configuration (39 pages)

Technology brief (24 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

Table of Contents

name server. If the name service goes down or cannot be reached, DNS restrictions cannot be matched

and will fail.

DNS-based restrictions can limit access to a single, specific machine name or to machines sharing a

common domain suffix. For example, the DNS restriction, www.hp.com, matches hosts that are assigned

the domain name www.hp.com. However, the DNS restriction, *.hp.com, matches any machine

originating from HP.

DNS restrictions can cause some ambiguity because a host can be multi-homed. DNS restrictions do not

necessarily match one-to-one with a single system.

Using DNS-based restrictions can create some security complications. Name service protocols are

insecure. Any individual with malicious intent and access to the network can place a rogue DNS service

on the network creating fake address restriction criteria. Organizational security policies should be taken

into consideration when implementing DNS-based address restrictions.

How user time restrictions are enforced

Administrators can place a time restriction on directory user accounts. Time restrictions limit the ability of

the user to log in (authenticate) to the directory. Typically, time restrictions are enforced using the time at

the directory server, but if the directory server is located in a different time zone or a replica in a different

time zone is accessed, then time zone information from the managed object can be used to adjust for

relative time.

The directory server evaluates user time restrictions, but the determination can be complicated by time

zone changes or authentication mechanism.