HP Integrated Lights-Out Security, 7th edition

The username and password information in the cookie are enough for authentication and

authorization using the local account database or using the directory with HP schema.

Using IADsNameTranslate lets you login using NetBIOS format (domain\username) or email format.

See the previous Authentication and authorization sections with local accounts for information about

using SSL, session keys, and cookies.

Calculating current privileges

A user’s privileges can change at any time, even while the user is logged in:

• An administrator could change a user’s rights while that user is logged into the iLO device and the

browser session is open.

• A user might be authenticated with directory services but authorized to access the system only

between 8 a.m. and 5 p.m.

• XML scripts could alter privileges.

• Administrators could delete a user account.

• Directory settings could change.

• Time or address-based restrictions could apply.

iLO re-evaluates a user’s privileges every time he makes a request (Figure 7). iLO blocks the user’s

request or logs out the user if the evaluation fails.

Figure 7. Flowchart of iLO process for calculating current user privileges