Table of Contents
Advertisement
D.20 RIO CONFIGURATION UTILITY
Configure authentication
Local authentication
mode
Remote
authentication mode
Root administrator
settings
HMI supervisor
settings
40
From the Authentication menu, you can select the authentication mode and change the
system access settings.
Local authentication makes use of files stored locally to control user authentication, as
opposed to connecting to a remote server to obtain user name and password information.
The D.20 RIO has two types of administrative users.
•
Root – Full privileges to view and modify all system settings in the D.20 RIO and run
commands through the local D.20 RIO command line interface. The root user cannot
log into remote command-line services or the D.20 RIO HMI. The Default user name is
root and the default password is geroot. Only the password can be modified. See
Root Administrator Settings, below.
•
Administrator – Supervisor-level access to all configuration, runtime, operation, and
system administration screens in the D.20 RIO HMI as well as full access to run
commands at the D.20 RIO command line interface when the sudo command is used.
If you are using local authentication, Administrator-level users can be created using
the D.20 RIO configuration utility. See Administrator Group Users, below.
If you enable local authentication mode, be sure to create at least one administrator-level
user before exiting from the D.20 RIO configuration utility. If you log out of the system
without creating any new administrator users, you will not be able to log into the D.20 RIO
remotely.
The D.20 RIO supports two remote authentication modes:
•
RADIUS
•
Cisco
TACACS+
®
RADIUS remote authentication mode requires the following settings:
•
RADIUS server address – valid IPV4 address
•
"Shared secret" as provided by the RADIUS administrator – 6 or more characters
Cisco TACACS+ remote authentication mode requires the following settings:
•
TACACS+ server address – valid IPV4 address
•
TACACS+ secondary server address (if enabled) – valid IPV4 address. If the primary
server does not respond, the D.20 RIO will automatically attempt to connect to the
server at this address instead.
•
Encryption – select whether to enable or disable encryption for the connection
between the D.20 RIO and the TACACS+ server
•
Shared secret (if enabled) – as provided by TACACS+ server administrator
•
Enable reporting of remote host IP address – if enabled, the D.20 RIO will report the IP
address of the D.20 RIO to the authentication server. Only enable this if you are using
an authentication server that supports this feature.
See "Remote authentication mode" on page 40. for information on configuring your
TACACS+ server.
Allows you to change the password associated with the system root user account.
HMI supervisors are allowed full privileges to access to all configuration, runtime,
operation and system administration screens in the D.20 RIO HMI. One default supervisor
account with the username supervisor is always available on the D.20 RIO. You can set the
password of this account using the D.20 RIO configuration utility.
GE Information
CHAPTER 4: SETTING UP THE D.20 RIO
D.20 RIO - HARDWARE USER'S MANUAL
Advertisement
Table of Contents
