C
HAPTER
9:
C
ONFIGURING
R
EMOTE
A
UTHENTICATION
99
Chapter 9: Configuring Remote Authentication
Authentication and Authorization (AA)
Users of CC-SG can be locally authenticated and authorized on the CC-SG or remotely
authenticated using the following supported directory servers:
•
Microsoft Active Directory (AD)
•
Netscape’s Lightweight Directory Access Protocol (LDAP)
•
•
RADIUS
Any number of remote RADIUS, , and LDAP servers can be used for external
authentication. For example, you could configure three AD servers, two iPlanet (LDAP) servers,
and three RADIUS servers.
Flow for Authentication
When remote authentication is enabled, authentication and authorization follow these steps:
1.
The user logs into CC-SG with the appropriate user name and password.
2.
CC-SG connects to the external server and sends the user name and password.
3.
User name and password are either accepted or rejected and sent back. If authentication is
rejected, this results in a failed login attempt.
4.
If authentication is successful, local authorization is performed. CC-SG checks if the user
name entered matches a group that has been created in CC-SG or imported from AD, and
grants privileges per the assigned policy.
When remote authentication is disabled, both authentication and authorization are performed
locally on CC-SG.
User Accounts
User Accounts must be added to the authentication server for remote authentication. Except when
using AD for both authentication and authorization, all remote authentication servers require that
users be created on CC-SG. The user’s username on both the authentication server and on CC-SG
must be the same, although the passwords may be different. The local CC-SG password is used
only when remote authentication is disabled. Please refer to
Chapter 7: Adding and Managing
Users and User Groups
for additional information on adding users who will be remotely
authenticated.
Note: If remote authentication is used, users have to contact their Administrators to change their
passwords on the remote server. Passwords cannot be changed on CC-SG for remotely
authenticated users.
Содержание CC-SG
Страница 2: ...This page intentionally left blank...
Страница 26: ...12 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE This page intentionally left blank...
Страница 46: ...32 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE This page intentionally left blank...
Страница 158: ...144 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE This page intentionally left blank...
Страница 228: ...214 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE This page intentionally left blank...
Страница 236: ......
Страница 246: ...232 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...
Страница 248: ...234 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...
Страница 250: ...236 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...
Страница 256: ...242 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...