User's Manual
When a user connects to the secure Web server:
• If the user has a client certificate from a CA listed in the Trusted Root Certificate
  file, the connection is accepted and the user is prompted for the system password.
• If both the CA certificate and the client certificate appear in the Trusted Root
  Certificate file, the user is not prompted for a password (thus providing a
  single-sign-on experience - the authentication is performed using the X.509 digital
  signature).
• If the user does not have a client certificate from a listed CA, or does not have a
  client certificate at all, the connection is rejected.
Note: The process of installing a client certificate on your PC is beyond the scope
of this document. For more information, refer to your Web browser or
operating system documentation, and/or consult your security administrator.

16.2 RADIUS Support
To connect to the Embedded Web Server or Telnet server, the user must provide a valid
name and password. While the device supports only a single system password, it is
possible to enhance login security using a RADIUS server. RADIUS (RFC 2865) is a
standard protocol for authentication, which defines a method for contacting a predefined
server and verifying a given name and password pair against a remote database, in a
secure manner.

16.2.1 Setting Up a RADIUS Server
A free RADIUS server implementation can be downloaded from http://www.freeradius.org.
Follow the directions on that site for information on installing and configuring the server. If
you use a RADIUS server from a different vendor, refer to the appropriate documentation.
To set up a RADIUS server, take these 4 steps:
1. Define the Mediant 1000 as an authorized client of the RADIUS server, with a
   predefined "shared secret" - a password used to secure communication. Below is an
   example of a clients.conf file (FreeRADIUS client configuration).

   #
   # clients.conf - client configuration directives
   #
   client 10.31.4.47 {
       secret    = FutureRADIUS
       shortname = TP-1610_name
   }

2. Define the users authorized to use the Mediant 1000 on the server, using one of the
   password authentication methods supported by the server implementation. The
   following example shows a user configuration file for FreeRADIUS using a plain-text
   password.

Version 4.6
16. Appendix - Security
August 2005