Alcatel-Lucent 6600 Switch User Manual


 
LDAP Servers Managing Authentication Servers
page 20-22 OmniSwitch 6600 Family Network Configuration Guide April 2006
For more information about configuring users on the switch, see the Switch Security chapter of the
OmniSwitch 6600 Family Switch Management Guide.
Configuring Authentication Key Attributes
The alp2key tool is provided on the Alcatel software CD for computing SNMP authentication keys. The
alp2key application is supplied in two versions, one for Unix (Solaris 2.5.1 or higher) and one for
Windows (NT 4.0 and higher).
To configure the bop-shakey or bop-md5key attributes on the server:
1. Use the alp2key application to calculate the authentication key from the password of the user. The
switch automatically computes the authentication key, but for security reasons the key is never displayed
in the CLI.
2. Cut and paste the key to the relevant attribute on the server.
An example using the alp2key tool to compute the SHA and MD5 keys for mypassword:
ors40595{}128: alp2key mypassword
bop-shakey: 0xb1112e3472ae836ec2b4d3f453023b9853d9d07c
bop-md5key: 0xeb3ad6ba929441a0ff64083d021c07f1
ors40595{}129:
Note. The bop-shakey and bop-md5key values must be recomputed and copied to the server any time a
user’s password is changed.
LDAP Accounting Attributes
Logging and accounting features include Account Start, Stop and Fail Times, and Dynamic Log. Typically,
the Login and Logout logs can be accessed from the directory server software. Additional third-party
software is required to retrieve and reset the log information to the directory servers for billing purposes.
The following sections describe accounting server attributes.
AccountStartTime
User account start times are tracked in the AccountStartTime attribute of the user’s directory entry that
keeps the time stamp and accounting information of user log-ins. The following fields (separated by
carriage returns “|”) are contained in the Login log. Some fields are only used for Layer 2 Authentication.
Fields Included For Any Type of Authentication
User account ID or username client entered to log-in: variable length digits.
Time Stamp: YYYYMMDDHHMMSS (YYYY: year, MM: month, DD: day, HH: hour, MM: minute,
SS: second).
Switch serial number: Alcatel.BOP.<switch name>.<MAC address>
Client IP address: variable length digits.
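The following parser for one AccountStartTime value is an added example, not code from the Alcatel guide or software. It assumes the four fields above appear in the listed order separated by "|", that the MAC address is the last dot-separated part of the switch serial number, and that the client address is IPv4; the names parse_account_start and LoginRecord and the sample value are hypothetical.

```python
import ipaddress
from datetime import datetime
from typing import NamedTuple

SERIAL_PREFIX = "Alcatel.BOP."

class LoginRecord(NamedTuple):
    user: str
    timestamp: datetime
    switch_name: str
    switch_mac: str
    client_ip: ipaddress.IPv4Address
    layer2_fields: list  # trailing fields (Layer 2 authentication only), kept unparsed

def parse_account_start(value: str) -> LoginRecord:
    """Parse one AccountStartTime value; raise ValueError if it is malformed."""
    fields = [f.strip() for f in value.split("|")]
    if len(fields) < 4:
        raise ValueError(f"expected at least 4 fields, got {len(fields)}")
    user, stamp, serial, ip = fields[:4]
    if not user:
        raise ValueError("empty user name")
    # strptime tolerates one-digit fields, so enforce the fixed 14-digit width first.
    if len(stamp) != 14 or not stamp.isdigit():
        raise ValueError(f"bad time stamp: {stamp!r}")
    timestamp = datetime.strptime(stamp, "%Y%m%d%H%M%S")  # rejects month 13, Feb 30, ...
    if not serial.startswith(SERIAL_PREFIX):
        raise ValueError(f"bad switch serial: {serial!r}")
    # Assumption: the MAC address is the last dot-separated component, so a
    # switch name that itself contains dots is still recovered whole.
    name, sep, mac = serial[len(SERIAL_PREFIX):].rpartition(".")
    if not sep or not name or not mac:
        raise ValueError(f"bad switch serial: {serial!r}")
    client_ip = ipaddress.IPv4Address(ip)  # AddressValueError is a ValueError
    return LoginRecord(user, timestamp, name, mac, client_ip, fields[4:])

# Constructed sample value, not taken from a real directory entry.
SAMPLE = "jsmith|20060412093015|Alcatel.BOP.core-sw1.00:d0:95:aa:bb:cc|192.0.2.17"

if __name__ == "__main__":
    print(parse_account_start(SAMPLE))
```

Rejecting malformed values before they reach billing or audit tooling keeps a corrupted or tampered directory entry from being counted as a valid login.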
Fields Included for Layer 2 Authentication Only
Client MAC address: xx:xx:xx:xx:xx:xx:xx (alphanumeric).