Table of Contents
Advertisement
11: User Authentication
Users who attempt to log in to the SLB branch office manager by means of Telnet, SSH, the
console port, or one of the device ports are granted access by one or more authentication
methods.
The User Authentication page provides a submenu of methods (Local Users, NIS, LDAP,
RADIUS, Kerberos, and TACACS+) for authenticating users attempting to log in. Use this page to
assign the order in which the SLB unit will use the methods. By default, local user authentication is
enabled and is the first method the SLB device uses to authenticate users. If desired, you can
disable local user authentication or assign it a lower precedence.
Note:
Regardless of whether local user authentication is enabled, the local user
sysadmin account is always available for login. For security purposes, full administrative
access to the SLB via the default sysadmin local user account can be limited to only the
front console port of the SLB device. See
Authentication can occur using all methods, in the order of precedence, until a successful
authentication is obtained, or using only the first authentication method that responds (in the event
that a server is down).
If you have the same user name defined in multiple authentication methods, the result is unknown.
Example:
There is an LDAP user "joe" and an NIS user "joe" and the order of authentication methods is:
1. Local Users
2. LDAP
3. NIS
User "joe" tries to log in. Because there is an LDAP user "joe," the SLB branch office manager tries
to authenticate him against his LDAP password first. If he fails to log in, then the SLB unit may (or
may not) try to authenticate him against his NIS "joe" user password.
SLB™ Branch Office Manager User Guide
Limiting Sysadmin User Access (on page
45).
186
Advertisement
Table of Contents
