Table of Contents
Advertisement
The APPLIANCEADMIN level is equivalent to PALL, USER, SCON, SMON, PCON, and BREAK.
The ADMIN level is equivalent to PALL, USER, SMON, PCON, and BREAK.
The third level (that is, not APPLIANCEADMIN or ADMIN) is user. For preemption purposes, the following hierarchy is
used: APPLIANCEADMIN>ADMIN>user.
Session sharing is affected by access levels. See "Session sharing."
Managing user access rights and access levels
1.
To configure the access rights of a user, issue a User Add command, using the Access parameter to specify
the rights or a level.
user add <username> access=<access>
2.
To change the access rights of a user, issue a User Set command, using the Access parameter to specify the
rights or a level.
user set <username> access=<access>
3.
To display the access rights and level for one or all users, issue a Show User command.
show user <username>|all
See "Managing user accounts," "User add command," "User set command," and "Show user command."
Using authentication methods
The SCS supports several methods for authenticating users: Local, RADIUS, LDAP and None. By default,
authentication is performed in the local SCS user database.
Local authentication
Local authentication uses the SCS internal user database to authenticate users. The local database supports up to 64
users and an administrator.
RADIUS authentication
RADIUS authentication uses an external third-party RADIUS server containing a user database to authenticate SCS
users. The SCS, functioning as a RADIUS client, sends user names and passwords to the RADIUS server. If a user
name and password do not agree with equivalent information on the RADIUS server, the SCS is informed and the
user is denied SCS access. If the user name and password are successfully validated on the RADIUS server, the
RADIUS server returns an attribute that indicates the access rights defined for that user name.
To use RADIUS authentication, specify information about the primary RADIUS server and optionally, a secondary
RADIUS server to be used as a backup.
The RADIUS server definition values specified in SCS commands must match corresponding values configured on the
RADIUS server. On the RADIUS server, you must include SCS-specific information: the list of valid users and their
access rights for the SCS. Each user-rights attribute in the RADIUS server's dictionary must be specified as a string
containing the user's access rights for the SCS, exactly matching the syntax used in the SCS User Add command.
Consult your RADIUS manual or administrator for information about specifying users and their attributes. The exact
process depends on the RADIUS server you are using.
When port group names are used, the SCS will parse group names coming from a RADIUS server and allow access
according to group content.
LDAP authentication
LDAP authentication enables the user to leverage their directory service for authentication. HP supports Microsoft®
Active Directory. The LDAP module must be managed through HP IP Console Viewer software. The details for
configuring LDAP can be located in the documentation for the HP IP Console Viewer software or in the online Help
section within the software itself. See
Viewer software.
No authentication
When authentication is disabled, users are not authenticated. Telnet sessions to serial ports are accepted
immediately, and users are not prompted for a user name or password. In this case, users are granted access only to
the port to which they are connected, including Break access.
http://www.hp.com/go/kvm
for more information about the HP IP Console
Operations 33
- Quick Links:
- Configuring the Scs
- Console Port Settings
Hide quick links:
Advertisement
Chapters
Table of Contents
