How User Time Restrictions Are Enforced - HP Integrated Lights-Out User Manual

specified using a subnet address and address bit mask that identifies addresses that are on the same
logical network.
In binary math, if the bits of a client machine address, added with the bits of the subnet mask, match the
restriction subnet address, then the client machine meets the restriction.
DNS-based restrictions
DNS-based restrictions use the network naming service to examine the logical name of the client machine
by looking up machine names assigned to the client IP addresses. DNS restrictions require a functional
name server. If the name service goes down or cannot be reached, DNS restrictions cannot be matched
and will fail.
DNS-based restrictions can limit access to a single, specific machine name or to machines sharing a
common domain suffix. For example, the DNS restriction, www.hp.com, matches hosts that are assigned
the domain name www.hp.com. However, the DNS restriction, *.hp.com, matches any machine
originating from HP.
DNS restrictions can cause some ambiguity because a host can be multi-homed. DNS restrictions do not
necessarily match one-to-one with a single system.
Using DNS-based restrictions can create some security complications. Name service protocols are
insecure. Any individual with malicious intent and access to the network can place a rogue DNS service
on the network creating fake address restriction criteria. Organizational security policies should be taken
into consideration when implementing DNS-based address restrictions.

How user time restrictions are enforced

Administrators can place a time restriction on directory user accounts. Time restrictions limit the ability of
the user to log in (authenticate) to the directory. Typically, time restrictions are enforced using the time at
the directory server, but if the directory server is located in a different time zone or a replica in a different
time zone is accessed, then time zone information from the managed object can be used to adjust for
relative time.
The directory server evaluates user time restrictions, but the determination can be complicated by time
zone changes or authentication mechanism.
Directory-enabled remote management 138