Table of Contents
Advertisement
Out devices and users, and the directory can enforce a stronger password policy. iLO enables you to use
local users, directory users, or both.
Privileges
iLO allows the administrator to control user account access to iLO functions through the use of privileges.
When a user attempts to use a function, the iLO system verifies that the user has the privilege before the
user is allowed to perform the function.
Each feature available through iLO can be controlled through privileges, including Administer User
Accounts, Remote Console Access, Virtual Power and Reset, Virtual Media, and Configure iLO Settings.
Privileges for each user can be configured on the User Administration page of the Administration tab.
Login security
iLO provides several login security features. After an initial failed login attempt, iLO imposes a delay of
five seconds. After a second failed attempt, iLO imposes a delay of 10 seconds. After the third failed
attempt, and any subsequent attempts, iLO imposes a delay of 60 seconds. All subsequent failed login
attempts cycles through these values. An information page is displayed during each delay. This will
continue until a valid login is completed. This feature assists in defending against possible dictionary
attacks against the browser login port.
iLO saves a detailed log entry for failed login attempts, which imposes a delay of 60 seconds.
Global security settings
Global security settings allow the administrator to control access to functions or to control specific actions
of functions that have been enabled globally. For example, you can control access to iLO RBSU, enable
or disable Lights-Out Functionality, set the Remote Console timeout, Web server SSL and non-SSL ports,
virtual media port, and set the minimum password length.
Two-factor authentication
iLO is a powerful tool for managing HP ProLiant servers. To prevent misuse of this tool, access to iLO
requires reliable user authentication. The 1.80 firmware release provides a stronger authentication
scheme for iLO using two factors of authentication. Users will be asked to verify their identities by
providing both of these factors. The two factors required are a password or PIN and private key for their
digital certificate. Users will store their digital certificates and private keys wherever they choose, for
example, smart card, USB token, or hard disk.
Setting up two-factor authentication for the first time
This section describes setting up Two-Factor Authentication for the first time using either local user
accounts or directory user accounts. For more information on Two-Factor Authentication settings, refer to
the "Two-Factor Authentication settings (on page 33)" section.
Setting up local user accounts:
Obtain the public certificate from the CA that issues user certificates or smart cards in your
1.
organization.
Export this certificate in base64 encoded format to a file on your desktop, for example, CAcert.txt.
2.
iLO security 58
Advertisement
Table of Contents
Troubleshooting
