Users who attempt to log in to the SLC by means of Telnet, SSH, the console port, or one of the device ports are granted access by one or more authentication methods.
Local user authentication is always enabled and is the first method the SLC uses to authenticate users. The User Authentication page provides a submenu of other methods (NIS, LDAP, RADIUS, Kerberos, TACACS+) you can select to authenticate users attempting to log in. Use this page to assign the order in which the SLC will use the methods.
If you enable multiple authentication methods, and a user has a login ID for more than one of these methods, the login defaults to the highest priority authentication method based on the settings made on this web page.
If you have the same user name defined in multiple authentication methods, the result is unknown.
Example:
There is an LDAP user "joe" and an NIS user "joe," and the order of authentication methods is:
1 - Local Users
2 - LDAP
3 - NIS
User "joe" tries to log in. Because there is an LDAP user "joe," the SLC tries to authenticate him against his LDAP password first. If he fails to log in, then the SLC may (or may not) try to authenticate him against his NIS "joe" user password.
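One way to find such duplicate names before enabling several methods, shown as an added example that is not part of the original page or of the SLC software. It assumes the accounts of each source have been exported as passwd-style text; the function names and all sample accounts are hypothetical and constructed.

```python
# Added example: find login names defined in more than one authentication source.
# Assumption: each source's accounts were exported as passwd-style text
# ("name:..."); this is not an SLC export format. All sample data is constructed.

def parse_names(passwd_text):
    """Return the set of login names in passwd-style text."""
    names = set()
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name = line.split(":", 1)[0].strip()
        if name:
            names.add(name)  # exact match; names are treated as case-sensitive
    return names

def find_collisions(method_order, users_by_method):
    """Map each name present in 2+ enabled methods to those methods,
    listed in the configured precedence order (highest priority first)."""
    seen = {}
    for method in method_order:
        for name in users_by_method.get(method, set()):
            seen.setdefault(name, []).append(method)
    return {name: methods for name, methods in seen.items() if len(methods) > 1}

# Precedence as in the example above.
ORDER = ["Local Users", "LDAP", "NIS"]

# Constructed account lists (hypothetical users).
EXPORTS = {
    "Local Users": "ops:x:1001:1001::/home/ops:/bin/sh\n",
    "LDAP": "joe:x:2001:2001::/home/joe:/bin/sh\n"
            "ops:x:2002:2002::/home/ops:/bin/sh\n",
    "NIS": "# constructed NIS passwd map\n"
           "joe:x:3001:3001::/home/joe:/bin/sh\n"
           "bob:x:3002:3002::/home/bob:/bin/sh\n",
}

def audit(order=ORDER, exports=EXPORTS):
    """Parse every export and return the colliding names."""
    users = {method: parse_names(text) for method, text in exports.items()}
    return find_collisions(order, users)

if __name__ == "__main__":
    for name, methods in sorted(audit().items()):
        print(f"{name}: defined in {', '.join(methods)}; "
              f"highest priority: {methods[0]}; rename or remove the duplicates")
```

Any name the audit reports should be renamed or removed from all but one source so that a login can only ever be checked against one password.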
To enable, disable, and set the precedence of authentication methods:
To enable a method currently in the Disabled methods list, select the method and press the left arrow to the left of the list. The methods include:
| Method | Description |
|---|---|
| NIS | A network naming and administration system for smaller networks. |
| LDAP | A protocol for accessing information directories. |
| RADIUS | An authentication and accounting system used by many Internet Service Providers (ISPs). |
| Kerberos | A network authentication protocol that provides strong authentication for client/server applications by using secret-key cryptography. |
| TACACS+ | An authentication protocol that allows a remote access server to communicate with an authentication server to determine whether the user has access to the network. |
| Local Users | Local accounts on the SLC used to authenticate users who log in using SSH, Telnet, the web, or the console port. |
To disable a method currently in the Enabled methods list, select the method and click the right arrow between the lists.
To set the order in which the SLC will authenticate users, use the up and down arrows to the left of the Enabled methods list.
To save, click Apply.