Role Address Restrictions; How Directory Login Restrictions Are Enforced - HP Integrated Lights-Out User Manual

200 User Guide Integrated Lights-Out
Using DNS-based restrictions can create some security complications. Name
service protocols are insecure. Any individual with malicious intent and access to
the network can place a rogue DNS service on the network creating fake address
restriction criteria. Organizational security policies should be taken into
consideration when implementing DNS-based address restrictions.

Role Address Restrictions

Role address restrictions are enforced by the LOM firmware, based on the client's
IP network address. When the address restrictions are met for a role, the rights
granted by the role apply.
Address restrictions can be difficult to manage if access is attempted across
firewalls or through network proxies. Either of these mechanisms can change the
apparent network address of the client, causing the address restrictions to be
enforced in an unexpected manner.

How Directory Login Restrictions are Enforced

Two sets of restrictions potentially limit a directory user's access to LOM
devices. User access restrictions limit a user's access to authenticate to the
directory. Role access restrictions limit an authenticated user's ability to receive
LOM privileges based on rights specified in one or more Roles.
User
12
11 1
10
9
8
7 5
6
Client
Workstation
12
11 1
2 10 2
3 9 3
4 8 4
7 5
6
User access
restrictions
User restrictions must be met to
authenticate to the directory.
And
Enforced by the directory
server.
Directory
Server
12
11 1
10 2
9 3
8 4
7 5
6
Role access
restrictions
Role restrictions must be
met to receive rights
granted by 1 or more roles.
Enforced by LOM.
LOM
12
11 1
10 2
9 3
8 4
7 5
6