1. Administration
ROS® v3.11 User Guide
RMC30
This parameter identifies the MIB tree(s) to which this entry authorizes read access. If the
value is noView, then read access will not be granted.
WriteViewName
Synopsis: { noView, V1Mib, allOfMib }
Default: noView
This parameter identifies the MIB tree(s) to which this entry authorizes write access. If the
value is noView, then write access will not be granted.
NotifyViewName
Synopsis: { noView, V1Mib, allOfMib }
Default: noView
This parameter identifies the MIB tree(s) to which this entry authorizes access for
notifications. If the value is noView, then access for notifications will not be granted.
1.13. RADIUS
RADIUS (Remote Authentication Dial In User Service) is used to provide centralized
authentication and authorization for network access. ROS® assigns a privilege level of Admin,
Operator or Guest to a user who presents a valid user name and password. The number of
users who can access the ROS® server is ordinarily dependent on the number of user records
which can be configured on the server itself. ROS® can also, however, be configured to pass
along the credentials provided by the user to be remotely authenticated by a RADIUS server. In
this way, a single RADIUS server can centrally store user data and provide authentication and
authorization service to multiple ROS® servers needing to authenticate connection attempts.
1.13.1. RADIUS overview
RADIUS (described in [http://tools.ietf.org/html/rfc2865]) is a UDP-based protocol
used for carrying authentication, authorization, and configuration information between a
Network Access Server which desires to authenticate its links and a shared Authentication
Server.
A RADIUS server can act as a proxy client to other RADIUS servers or other kinds of
authentication servers.
Unlike , authorization and authentication functionality is supported by RADIUS in
the same packet frame. actually separates authentication from authorization into
separate packets.
On receiving an authentication-authorization request from a client in an “Access-Request”
packet, the RADIUS server checks the conditions configured for the received username-password
combination in the user database. If all the conditions are met, the list of configuration values
for the user is placed into an “Access-Accept” packet. These values include the type of service
(e.g. SLIP, PPP, Login User) and all the necessary values to deliver the desired service.
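The Access-Request/Access-Accept exchange described above, as an added example (not code from the ROS® guide or firmware). It follows RFC 2865 for the User-Password hiding and for the Response Authenticator check that ties a reply to its request and to the shared secret; the function names and all sample values are constructed for illustration.

```python
# Added illustration of RFC 2865 framing; function names are this example's own, not ROS® code.
import hashlib, hmac, os, struct
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2              # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, SERVICE_TYPE = 1, 2, 6  # RFC 2865 attribute types

def pap_xor(data, secret, request_auth, hide):
    """RFC 2865 5.2 User-Password hiding: chained MD5 keystream over 16-byte blocks."""
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(d ^ k for d, k in zip(data[i:i + 16], key))
        prev = block if hide else data[i:i + 16]   # chain on the hidden (wire) block
        out += block
    return out

def attr(kind, value):
    return bytes([kind, len(value) + 2]) + value   # type, length (incl. 2-byte header), value

def parse_attrs(packet):
    attrs, i = {}, 20                              # attributes start after the 20-byte header
    while i < len(packet):
        if i + 2 > len(packet) or packet[i + 1] < 2 or i + packet[i + 1] > len(packet):
            raise ValueError("malformed attribute")
        attrs[packet[i]] = packet[i + 2:i + packet[i + 1]]
        i += packet[i + 1]
    return attrs

def access_request(ident, user, password, secret):
    """Client side: random Request Authenticator, hidden password padded to 16-byte blocks."""
    request_auth = os.urandom(16)
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, pap_xor(padded, secret, request_auth, True))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs

def access_accept(request, secret, reply_attrs):
    """Server side: the Response Authenticator binds the reply to the request and the secret."""
    header = struct.pack("!BBH", ACCESS_ACCEPT, request[1], 20 + len(reply_attrs))
    digest = hashlib.md5(header + request[4:20] + reply_attrs + secret).digest()
    return header + digest + reply_attrs

def recover_password(request, secret):
    """Server side: undo the hiding so the password can be checked against the user database."""
    return pap_xor(parse_attrs(request)[USER_PASSWORD], secret, request[4:20], False).rstrip(b"\x00")

def reply_is_authentic(reply, request, secret):
    """Client side: accept only a reply whose ID, length and authenticator all match."""
    ok = len(reply) >= 20 and reply[1] == request[1] and struct.unpack("!H", reply[2:4])[0] == len(reply)
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return ok and hmac.compare_digest(expected, reply[4:20])
```

Both the password hiding and the reply check rest entirely on the shared secret and MD5, so the secret configured on the device and on the server should be long and random, and the RADIUS traffic is best kept on a trusted management network.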
1.13.2. User Login Authentication and Authorization
A RADIUS server can be used to authenticate and authorize access to the device's services,
such as HMI via Serial Console, Telnet, SSH, RSH, Web Server (see Password Configuration).
ROS® implements a RADIUS client which uses the Password Authentication Protocol (PAP)
to verify access. Attributes sent to a RADIUS server are: