Raritan IP-Reach IPR-M1 User Manual page 63


CHAPTER 4: ADMINISTRATIVE FUNCTIONS
Authentication vs. Authorization
When your IP-Reach unit is configured for remote authentication, the external authentication server is used
primarily for the purposes of authentication, not authorization.
Authorization is determined by IP-Reach on the basis of user groups. That is, once a given user is allowed
to access the IP-Reach system in general (authenticated), that user's specific permission (authorization) is
determined by IP-Reach based upon the user's group.
The external authentication server can assist in authorization by informing IP-Reach about the user group to
which a user belongs whenever the authentication server approves a given user's login request. The
sections Implementing LDAP Remote Authentication and Implementing RADIUS Remote
Authentication that follow explain this in more detail.
The flow diagram below illustrates the steps taken:
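[Flow diagram. Boxes: User login with username / password; Username in internal database?; Password correct?; External authentication server configured?; External authentication query; Valid username / password?; External authentication reply; User group name provided by authentication server?; Internal lookup of user group; User group found in internal database?; Login allowed; Login denied; Permissions determined by internal user group; Permissions determined by internal user group, "UNKNOWN"; Permissions determined by internal user group, "NONE".]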
Note the importance of the group to which a given user belongs, as well as the need to configure the groups
named "UNKNOWN" and "NONE." If the external authentication server returns a group name that is not
recognized by IP-Reach, that user's permissions are determined by the permanent group named
"UNKNOWN." If the external authentication server does not return a group name, that user's permissions
are determined by the permanent group named "NONE."
Please see the sections involving LDAP or RADIUS in this chapter to determine how to configure your
authentication server to return user group information to IP-Reach as part of its reply to an authentication
query.
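The group resolution described above can be modelled in a few lines to check what an externally authenticated user ends up with. This is an added example, not Raritan code: the Device model, the permission labels, the sample directory and the order of the internal and external checks (read from the flow diagram's box labels) are assumptions.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

UNKNOWN, NONE = "UNKNOWN", "NONE"  # permanent fallback groups named in the manual

@dataclass
class Device:
    """Constructed model of a unit's local state; not Raritan's data model."""
    local_users: dict  # username -> (password, group); plaintext only in this toy
    groups: dict       # group name -> set of permission labels (labels constructed)
    # Stand-in for LDAP/RADIUS: (user, password) -> (accepted, group or None)
    external: Optional[Callable[[str, str], Tuple[bool, Optional[str]]]] = None

def login(dev: Device, user: str, password: str) -> Optional[str]:
    """Return the group whose permissions apply, or None when login is denied."""
    if user in dev.local_users:  # assumed order: internal database is checked first
        stored, group = dev.local_users[user]
        ok = hmac.compare_digest(stored.encode(), password.encode())
        return group if ok else None
    if dev.external is None:     # no external server configured
        return None
    accepted, group = dev.external(user, password)
    if not accepted:
        return None
    if not group:                # approved, but the reply carried no group name
        return NONE
    return group if group in dev.groups else UNKNOWN  # name not known locally

def audit_fallback_groups(dev: Device, baseline=frozenset()) -> dict:
    """Permissions held by UNKNOWN/NONE beyond an allowed baseline."""
    extra = {g: dev.groups.get(g, set()) - baseline for g in (UNKNOWN, NONE)}
    return {g: sorted(p) for g, p in extra.items() if p}

# Constructed sample data: three directory accounts and one local account.
DIRECTORY = {"bob": ("pw-b", "Operators"), "carol": ("pw-c", "Contractors"),
             "dave": ("pw-d", None)}

def directory_server(user, password):
    pw, group = DIRECTORY.get(user, (None, None))
    return (True, group) if pw == password else (False, None)

DEVICE = Device(
    local_users={"alice": ("pw-a", "Admin")},
    groups={"Admin": {"kvm", "config"}, "Operators": {"kvm"},
            UNKNOWN: {"kvm"}, NONE: set()},
    external=directory_server,
)
```

In this sample, carol authenticates with a group the unit does not define and therefore inherits whatever "UNKNOWN" grants, which is why the audit function reports any permission left on the two fallback groups.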
