SecureLinx SLC User Guide
91
1
1
0
0
:
:
U
U
s
s
e
e
r
r
A
A
u
u
t
t
h
h
e
e
n
n
t
t
i
i
c
c
a
a
t
t
i
i
o
o
n
n
Users who attempt to log in to the SLC by means of Telnet, SSH, the console port, or one
of the device ports are granted access by one or more authentication methods.
The User Authentication page provides a submenu of methods (Local Users, NIS, LDAP,
RADIUS, Kerberos, and ) for authenticating users attempting to log in. Use this
page to assign the order in which the SLC will use the methods. By default, local user
authentication is enabled and is the first method the SLC uses to authenticate users. If
desired, you can disable local user authentication or assign it a lower precedence.
Note:
Regardless of whether local user authentication is enabled, the local user
sysadmin account is always available for login.
Authentication can occur using all methods, in the order of precedence, until a successful
authentication is obtained, or using only the first authentication method that responds (in
the event that a server is down).
If you have the same user name defined in multiple authentication methods, the result is
unknown.
Example:
There is an LDAP user "joe" and an NIS user "joe" and the order of
authentication methods is:
1 - Local Users
2 - LDAP
3 - NIS
User "joe" tries to log in. Because there is an LDAP user "joe," the SLC tries to
authenticate him against his LDAP password first. If he fails to log in, then the
SLC may (or may not) try to authenticate him against his NIS "joe" user
password.
To enable, disable, and set the precedence of authentication methods:
1. From the main menu, select
User Authentication
. The following page displays:
