Lantronix SCS1620 Podręcznik Użytkownika Strona 113
- Strona / 141
- Spis treści
- BOOKMARKI
Oceniono. / 5. Na podstawie oceny klientów
SCSxx05/SCSxx20 User Guide 9: Port Access
9-9
Bypassing Authentication
Note: The ability to bypass the authentication mechanisms, as described
below, may not be deployed on your particular console server. If it has
been deployed on your console server and you have specified that
authentication should not take place on certain serial ports, beware!
Enable this feature only if the console server is located within a fully
protected internal network, and all of the users can be trusted.
The console server requires each user of a serial port to be authenticated by the
console server itself. The console server also requires each user who accesses
the serial ports to have the proper direct, listen, and/or clear port permissions on
a per port basis. This is the default operation. The authentication within the Linux
login program is done using the Pluggable Authentication Module (PAM). This
authentication module supports a wide variety of authentication types, for
example, local password files, NIS, NIS+, LDAP, and Kerberos. The SCS
supports the use of local password files, NIS, and LDAP.
On some console server systems, you can allow a Telnet connection directly to a
serial port to bypass the authentication mechanism on the console server. This
allows a client to connect directly to a serial port from anywhere on your network
(segment). Of course, this can introduce security concerns. As a minimum, the
device that is connected to the other end of the serial port should use some type
of authentication method. Some sites may have their console servers on a
dedicated internal network that only a system administrator (or a console
management software application) can access. This additional step of
authentication becomes either a nuisance or causes problems with the console
management software application. In this case, you can indicate, on a port-by-
port basis, that authentication not be done by the console server.
When you designate a serial port to have the console server authentication
scheme bypassed, the appropriate sections of the login program are bypassed.
Although the system never prompts the user for a username or password, the
user automatically defaults to “nobody” on the console server.
To disable the authentication mechanism for directly connected serial ports,
make two sets of changes.
1. Set a flag in the /lci/lwip_serial.conf file based on the specific serial
port/IP/port number entry. The login process checks this file. A one (1) in the
authentication column indicates that authentication must be done. A zero
(0) indicates that authentication will not be done for this serial port/IP/port
number entry.
Note: The authentication flag is specific to each serial port/IP/port
number entry You can allow direct access to a serial port by an IP
port number or by an assigned IP address. You may require
authentication for serial ports accessed by assigned IP addresses
and not require authentication for serial ports accessed by the IP port
numbers. You can configure this; however, you can make only one
direct connection to a serial port at a time.
- SCSxx05/SCSxx20 1
- Secure Console Server 1
- User Guide 1
- Copyright & Trademark 2
- LINUX GPL Compliance 2
- Contacts 2
- Disclaimer & Revisions 3
- Safety Precautions 4
- Precauciones de seguridad 5
- Sicherheitshinweise 7
- Меры предосторожности 8
- Contents 16
- SCSxx05 and SCSxx20 21
- Hardware Features 23
- System Features 24
- Protocol Support 24
- System Components 25
- Connection Formats 25
- Access Control 26
- Device Port Buffer 27
- Technical Specifications 28
- Product Information Label 29
- System Resource Information 30
- Physical Installation 31
- AC Input 32
- DC Input 32
- Connecting a Terminal 33
- Connecting to a Device Port 34
- Connecting the Network Port 35
- Power Manager Interface 36
- Before You Begin 37
- Navigating 38
- Entering the Settings 38
- Method # 2- Using Telnet 40
- Accessing the Setup Menu 42
- Done Option 44
- Configuring Timezone 46
- Configuring DNS 48
- Configuring Services 49
- Configuring NTP 50
- Configuring Email Relay 51
- Configuring Timeouts 51
- Configuring CHAP Secrets 55
- Configuring PAP Secrets 56
- Configuring NIS 57
- Configuring LDAP 58
- Configuring RADIUS 59
- Configuring NFS Mount 60
- Configuring Device Ports 63
- Device Port Menu 64
- Device Port Names 64
- Device Port Parameters 65
- Device Logging Parameters 68
- Log file size (in bytes) 69
- Updating Software 72
- Using Done 74
- Rebooting 75
- Accessing the Web Interface 76
- Configurable Parameters 77
- Web Access Delay 78
- Saving Web Interface Entries 79
- Exiting 79
- Installing a Modem Card 80
- Initializing the Modem 80
- Security and Passwords 82
- Changing the Root Password 83
- User Access and Functions 84
- Terminal Port Access 85
- Modem Module 85
- Selecting a Device Port 85
- Direct Mode 86
- Logging Out 87
- Summary of Commands 88
- System Commands 89
- SCS4805 Shell V4.00 92
- Device Commands 94
- User Management Commands 96
- User Commands 99
- Advanced Sysadmin Commands 100
- Accessing Serial Ports 105
- Testing 108
- Saving the Changes to Flash 108
- Setting the IP Addresses 109
- Final Testing 112
- Bypassing Authentication 113
- SCSxx05 122
- SCSxx05 Adapters 123
- SCSxx20 132
- SCSxx20 Adapters 133
- Compliance Information (1) 138
- Compliance Information (2) 140
- Warranty 141
© 2020, manymanuals.pl. Wszelkie prawa zastrzeżone. | 0.080 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentarze do niniejszej Instrukcji