Raritan Computer DKX116 Webcam User Manual


 
40 DOMINION KX USER MANUAL
Authentication vs. Authorization
When your Dominion KX unit is configured for remote authentication, the external authentication server is
used primarily for the purposes of authentication, not authorization.
Authorization is determined by Dominion KX on the basis of user groups. That is, once a given user is
allowed to access the Dominion KX system in general (authenticated), that user’s specific permission
(authorization) is determined by Dominion KX based upon the user’s group.
The external authentication server can assist in authorization by informing Dominion KX about the user
group to which a user belongs whenever the authentication server approves a given user’s login request.
The sections Implementing LDAP Remote Authentication and Implementing RADIUS Remote
Authentication that follow explain this in more detail.
This is most easily described via a simple flow diagram:
[Figure 38 Authorization Flow Diagram. Flowchart nodes: User login with username / password; Username in internal database?; Password correct?; Login denied; Login allowed; Internal lookup of user group; Permissions determined by internal user group; External authentication server configured?; External authentication query; Valid username / password?; External authentication reply; User group name provided by authentication server?; User group found in internal database?; Permissions determined by internal user group, “NONE”; Permissions determined by internal user group, “UNKNOWN”. Branches are labeled YES / NO.]
Note the importance of the group to which a given user belongs, as well as the need to configure the groups
named “UNKNOWN” and “NONE.” If the external authentication server returns a group name that is not
recognized by Dominion KX, that user’s permissions are determined by the permanent group named
“UNKNOWN.” If the external authentication server does not return a group name, that user’s permissions
are determined by the permanent group named “NONE.”
Please see the sections LDAP or RADIUS in this chapter to determine how to configure your
authentication server to return user group information to Dominion KX as part of its reply to an
authentication query.
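The following model of the authorization flow is an added example, not Raritan code; it shows why the permissions assigned to “UNKNOWN” and “NONE” decide what an externally authenticated user with an unmapped or missing group can do. The branch order is an assumption read from the node labels of Figure 38, and all users, passwords, group names other than “UNKNOWN” and “NONE”, and permission labels are constructed.

```python
import hmac

# Constructed sample data; permission labels and non-permanent groups are hypothetical.
GROUPS = {
    "Admin": {"port_access", "user_management"},
    "Operators": {"port_access"},
    "UNKNOWN": set(),  # used when the server returns an unrecognized group name
    "NONE": set(),     # used when the server returns no group name
}
LOCAL_USERS = {"admin": {"password": "constructed-pw", "group": "Admin"}}

def external_server(username, password):
    """Stand-in for an LDAP/RADIUS reply: (accepted, group name or None)."""
    directory = {
        "alice": ("pw-a", "Operators"),
        "bob": ("pw-b", "Contractors"),  # group not defined on the unit
        "carol": ("pw-c", None),         # reply carries no group name
    }
    entry = directory.get(username)
    if entry is None or not hmac.compare_digest(entry[0], password):
        return False, None
    return True, entry[1]

def login(username, password, external=external_server, groups=GROUPS):
    """Return (allowed, effective group) following the assumed flow."""
    local = LOCAL_USERS.get(username)
    if local is not None:                # username in internal database
        if hmac.compare_digest(local["password"], password):
            return True, local["group"]  # internal lookup of user group
        return False, None               # password incorrect: login denied
    if external is None:                 # no external server configured
        return False, None
    accepted, group = external(username, password)
    if not accepted:                     # server rejected the credentials
        return False, None
    if group is None:                    # authenticated, no group supplied
        return True, "NONE"
    if group not in groups:              # authenticated, group unrecognized
        return True, "UNKNOWN"
    return True, group

def permissions(username, password, external=external_server, groups=GROUPS):
    """Effective permission set for a login attempt (empty if denied)."""
    allowed, group = login(username, password, external, groups)
    return groups[group] if allowed else set()
```

Running `permissions` for each externally authenticated account against a copy of the unit's group table shows which accounts land in the fallback groups and what those groups grant.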