Web Manager for Administrators 221
Configuration
T To Configure Group Authorization on a TACACS+ Server
1. On the server, add “raccess” service to the user configuration and define
which group or groups the user belongs to.
2. If "raccess" service is already defined, add the group information to it.
3. “Enable Raccess Authorization” on KVM/net through the Web Manager at
Configuration>Security>Authentication>Tacacs+ form.
Security Profiles
A Security Profile consists of a set of parameters that can be configured in
order to have more control over the services that are active at any time. There
are three pre-defined security profiles with pre-set parameters. In addition, a
Custom profile is provided where an administrator can configure individual
protocols and services.
Pre-defined Security Profiles
There are three pre-defined security profiles:
1. Secure - The Secure profile disables all protocols except SSHv2 and
HTTPS. SSH root access is not allowed. Direct access to KVM
connections are not available.
2. Moderate (Default) - The Moderate profile is the recommended security
level. This profile enables SSHv1, SSHv2, HTTP, HTTPS, and Telnet. In
addition, ICMP and HTTP redirection to HTTPS are enabled. Direct
access to KVM connections are not available.
3. Open - The Open profile enables all services such as Telnet, SSHv1,
SSHv2, HTTP, HTTPS, SNMP, RPC, ICMP, and Telnet. Direct access to
KVM connections are available.
user = usergroup1 {
service = raccess {
group_name = <Group1>[,<Group2>,...,<GroupN>];
}
}