Raritan Computer DKX132 Network Router User Manual


 
38 DOMINION KX USER GUIDE
Remote Authentication
Introduction
Note to CC-SG Users
If you are using Dominion KX in a CommandCenter Secure Gateway configuration, this section
of the User Manual does not apply to you. When the device is controlled by CommandCenter
Secure Gateway, CC-SG determines Remote Authentication. Please see the CommandCenter
Secure Gateway User Guide, Administrator Guide, or Deployment Guide at
http://www.raritan.com/support/sup_prdmanuals.aspx#com for additional information.
Note to Raritan Customers Upgrading from Previous Firmware Versions
If you have previously implemented RADIUS authentication on Raritan products such as
Dominion KSX and IP-Reach running legacy firmware versions earlier than v3.2, read this entire
section carefully. Beginning with firmware version v3.2 and above, the implementation of
external authentication has changed significantly to provide more flexible and powerful
configurations.
Supported Protocols
In order to simplify management of usernames and passwords, device provides the capability to
forward authentication requests to an external authentication server. The device supports two
external authentication protocols: LDAP and RADIUS.
Note on Microsoft Active Directory
Microsoft Active Directory uses the LDAP protocol natively, and can function as an LDAP
server and authentication source for Dominion KX. If it has the IAS (Internet Authorization
Server) component, a Microsoft Active Directory server can also serve as a RADIUS
authentication source.
Note on Remote Login Usernames and Passwords
The Dominion KX login username and password are both limited to 16 characters. Keep this
limitation in mind when setting up remote authentication, because remote authentication
usernames and password could exceed this minimum length.
Remote Authentication Implementation
Priority
When a user tries to authenticate to a Dominion KX unit that is configured for external
authentication, Dominion KX first checks its own internal user database for that username. If the
username is not found in the Dominion KX internal database, the request is forwarded to the
external authentication server.
If Username is not found in the Dominion KX internal database: Request is forwarded to
external authentication server to determine whether the login is allowed or denied.
If Username is found in the Dominion KX internal database and Password is correct:
Login is allowed.
If Username is not found in the Dominion KX internal database and Password is
incorrect: Login is denied; the request does NOT get forwarded to the external
authentication server.