MCR-MGT Module Specific Commands 19
Authentication Commands
Authentication Commands
Set authentication
Set authentication Kerberos
Set authentication LDAP/Active Directory
Description Sets the authentication method for the MCR-MGT Management Module.
User Level Admin
Syntax
set authentication [type primary|secondary
raduis|kerberos|ldap|nis|securid|tacacs+|none] [bypass-login
on|off] [secondary-as-backup disabled|enabled]
type You can define up to two authentication methods which will be used to grant access to
users accessing the MCR-MGT Management Module. The type parameter defines
which method is used first as well as the type of authentication associated with that
method.
The first parameter for type is the designation of "primary" or "secondary". The
"primary" authentication method is the one that the MCR-MGT Management Module
attempts first. If a secondary method is also defined, it may or not be used depending
on the setting of the "secondary-as-backup" parameter.
The next parameter after the "primary" or "secondary" will be the authentication type.
The following types can be specified.
radius, kerberos, ldap, nis, securid, tacacs+ or none.
bypass-login This defines whether users accessing the MCR-MGT Management Module will be
required to login before gaining access the unit. The next parameter is as follows;
on - users will be required to login.
off - users will not be required to login.
secondary-
as-backup
If this option is selected (enabled), the secondary authentication method will only be
attempted if the MCR-MGT module can not reach the primary authentication host. (i.e.
if the primary authentication host indicates that the user does not have access, the
secondary authentication method will not be attempted). In other words, the secondary
is only used as a backup to the primary in case the primary is not available.
If this options is not selected (disabled), the secondary authentication will always be
tried if the primary authentication is not successful (for any reason including an
indication from the primary that the user is not authenticated).
Default: Disabled (not selected).
Description Configures Kerberos authentication settings.
User Level Admin
Syntax
set authentication kerberos [kdc-domain <text>] [port <number>]
[realm <text>]
kdc-domain
The name of a host running the KDC (Key Distribution Center) for the specified realm.
The host name that you specify must either be defined in the MCR-MGT Management
Module’s
Host Table before the last reboot or be resolved by DNS.
port
The port that the Kerberos server listens to for authentication requests.
Default: 88
realm
The Kerberos realm is the Kerberos host domain name, in upper-case letters.
Description Configures LDAP/Active Directory authentication settings.
User Level Admin