Filter
Top Products
Using the RILOE II 33
3.
Click No for the alert types that you want to disable.
4. Click Apply SNMP Settings.
Two-Factor Authentication Settings
The Two-Factor Authentication Settings page displays the configuration of two-factor authentication
settings, the trusted CA certificate information, and provides a method of changing the configuration and
importing or deleting a trusted CA certificate.
The Enforce Two-Factor Authentication setting controls whether two-factor authentication is used for user
authentication during login. Selecting Yes for the Enforce Two-Factor Authentication setting will require
two-factor authentication. The No value disables the feature and allows login with user name and
password only. You cannot change the setting to Yes if a trusted CA certificate is not configured.
Changing the setting resets RILOE II saving the changes. To provide the necessary security, the following
configuration changes are made when two-factor authentication is enabled:
• Remote Console Data Encryption: Yes (Disables telnet access)
• Enable Secure Shell (SSH) Access: No
• Serial Command Line Interface Status: Disabled
If telnet, SSH, or Serial CLI access is required, re-enable these settings after two-factor authentication is
enabled. However, because these access methods do not provide a means of two-factor authentication,
only a single factor is required to access RILOE II with telnet, SSH or Serial CLI.
When two-factor authentication is enabled, access with the CPQLOCFG utility is disabled, because
CPQLOCFG does not supply all authentication requirements. However, the HPONCFG utility is functional,
because administrator privileges on the host system are required to execute the utility.
The Check for Certificate Revocation setting controls whether RILOE II uses the certificate CRL distribution
points attribute to download the latest CRL and check for revocation of the client certificate. If the client
certificate is contained in the CRL or if the CRL cannot be downloaded for any reason, access is denied.
The CRL distribution point must be available and accessible to RILOE II when Check Certificate Revocation
is set to Yes.
The Certificate Owner Field setting specifies which attribute of the client certificate to use when
authenticating with the directory. If SAN is specified, RILOE II extracts the User Principle Name from the
Subject Alternative Name attribute and then uses the User Principle Name when authenticating with the