Advanced Account Security; Prerequisites - Cisco TelePresence Video Communication Server Administrator's Manual


   - The Username format field can contain a mixture of fixed text and the capture group names used in the Regex. Delimit each capture group name with #, for example, prefix#Group1#suffix. Each capture group name will be replaced with the text obtained from the regular expression processing.
3. Click Check certificate.
4. The results of the test are shown in the Certificate test results section. The Resulting string item is the username credential that would be checked against the relevant authorization mechanism to determine that user's authorization (account access) level.
5. If necessary, you can modify the Regex and Username format fields and repeat the test until the correct results are produced.
   - If the Certificate source is an uploaded PEM or plain text file, the selected file is temporarily uploaded to the VCS when the test is first performed:
     - if you want to keep testing different Regex and Username format combinations against the same file, you do not have to reselect the file for every test
     - if you change the contents of your test file on your file system, or you want to choose a different file, you must click Browse again and select the new or modified file to upload
6. If you have changed the Regex and Username format fields from their default values and want to use these values in the VCS's actual configuration (as specified on the Certificate-based authentication configuration page) then click Make these settings permanent.
Note:
   - Any uploaded test file is automatically deleted from the VCS at the end of your login session.
   - The regex is applied to a plain text version of an encoded certificate. The system uses the command openssl x509 -text -nameopt RFC2253 -noout to extract the plain text certificate from its encoded format.

Advanced account security

The Advanced account security page (Maintenance > Advanced account security) is used to configure the VCS for use in highly secure environments.
This page can only be accessed if the Advanced Account Security option key is installed.
Enabling advanced account security limits login access to remotely authenticated users using the web interface only, and also restricts access to some VCS features. To indicate that the VCS is in advanced account security mode, any text specified as the Classification banner message is displayed on every web page.
Note that a system reboot is required for changes to the advanced account security mode to take effect.

Prerequisites

Before advanced account security mode can be enabled, the VCS must be configured to use remote account authentication for administrator accounts.
Note: ensure that the remote directory service is working properly, as after advanced account security is enabled you will not be able to log in to the VCS via the local admin account or as root.
You are also recommended to configure your system so that:
   - SNMP is disabled
   - the session time out period is set to a non-zero value
   - HTTPS client certificate validation is enabled
   - login account LDAP server configuration uses TLS encryption and has certificate revocation list (CRL) checking set to All
   - remote logging is disabled

Cisco VCS Administrator Guide (X6.1)
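The certificate test described on this page applies the Regex to the text printed by openssl x509 -text -nameopt RFC2253 -noout, and that text lists the Issuer line before the Subject line. The following added example (not code from the Cisco guide or the VCS) reproduces the Regex and Username format substitution on a constructed certificate excerpt, to show why the Regex should be tied to the Subject line. The function name, the sample names and Python's (?P<name>...) capture group syntax are assumptions; the regex dialect used by the VCS may differ.

```python
import re

# Constructed excerpt in the layout printed by
# `openssl x509 -text -nameopt RFC2253 -noout`; all names are made up.
SAMPLE_CERT_TEXT = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4096 (0x1000)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=Example Issuing CA,O=Example Corp,C=US
        Validity
            Not Before: Jan  1 00:00:00 2024 GMT
            Not After : Jan  1 00:00:00 2025 GMT
        Subject: CN=alice.admin,OU=Video Ops,O=Example Corp,C=US
"""

# Unanchored: the Issuer line comes first, so the CA's CN is what gets captured.
LOOSE_REGEX = r"CN=(?P<Group1>[^,\n]+)"
# Anchored to the Subject line, so only the certificate holder's CN can match.
# RFC 2253 escapes a comma inside a value as "\,"; this simple class ignores that.
SUBJECT_REGEX = r"^\s*Subject:.*?CN=(?P<Group1>[^,\n]+)"

def resulting_string(cert_text, regex, username_format):
    """Hypothetical helper: build the username from the first regex match, or None."""
    match = re.search(regex, cert_text, re.MULTILINE)
    if match is None:
        return None
    groups = match.groupdict()

    def substitute(token):
        name = token.group(1)
        if name not in groups:
            raise ValueError(f"format names unknown capture group: {name}")
        return groups[name] or ""

    # Replace every #GroupName# token; text outside the tokens is kept as-is.
    return re.sub(r"#(\w+)#", substitute, username_format)

if __name__ == "__main__":
    for label, rx in (("loose", LOOSE_REGEX), ("anchored", SUBJECT_REGEX)):
        print(label, "->", resulting_string(SAMPLE_CERT_TEXT, rx, "prefix#Group1#suffix"))
```

When testing a Regex on the VCS, compare the Resulting string against the certificate's Subject, not just against any name that appears in the certificate text.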
