Server User Manual

Note: Kerberos is very sensitive to time differences between the Key Distribution Center (KDC)
authentication server and the client device. Please make sure that NTP is enabled, and the time
zone is set correctly on the console server.
When authenticating against Active Directory, the Kerberos Realm will be the domain name, and the
Master KDC will be the address of the primary domain controller.
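The clock-skew check behind the note above, as an added example that is not part of the manual: it measures the offset between the local clock and a time source with one SNTP exchange and compares it with 300 seconds, the common Kerberos default tolerance. It assumes the KDC (or the NTP server it synchronises to) answers NTP on UDP port 123; the function names and the sample reply are constructed for illustration.

```python
import socket
import struct
import time

NTP_UNIX_DELTA = 2208988800   # seconds between 1900-01-01 (NTP epoch) and 1970-01-01
DEFAULT_MAX_SKEW = 300        # seconds; common Kerberos default, your KDC may differ


def _ntp_to_unix(packet: bytes, offset: int) -> float:
    """Decode the 64-bit NTP timestamp at `offset` into Unix seconds."""
    seconds, fraction = struct.unpack_from("!II", packet, offset)
    return seconds - NTP_UNIX_DELTA + fraction / 2**32


def clock_offset(reply: bytes, t_sent: float, t_received: float) -> float:
    """Server clock minus local clock, in seconds, from one SNTP reply.
    t_sent / t_received: local Unix time when the request left / reply arrived.
    A positive result means the local clock is behind the server."""
    if len(reply) < 48:
        raise ValueError("short NTP reply")
    if (reply[0] & 0x07) != 4 or reply[1] == 0:   # mode 4 = server, stratum 0 = unusable
        raise ValueError("not a usable server reply")
    server_rx = _ntp_to_unix(reply, 32)   # T2: request reached the server
    server_tx = _ntp_to_unix(reply, 40)   # T3: reply left the server
    return ((server_rx - t_sent) + (server_tx - t_received)) / 2


def within_kerberos_skew(offset: float, max_skew: float = DEFAULT_MAX_SKEW) -> bool:
    return abs(offset) <= max_skew


def query_offset(host: str, timeout: float = 3.0) -> float:
    """Send one SNTP client request (version 3, mode 3) to host:123."""
    request = b"\x1b" + 47 * b"\x00"
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t_sent = time.time()
        sock.sendto(request, (host, 123))
        reply, _ = sock.recvfrom(512)
        return clock_offset(reply, t_sent, time.time())


def make_reply(server_rx: float, server_tx: float) -> bytes:
    """Constructed sample reply (LI=0, VN=3, mode 4, stratum 2) for offline use."""
    def ts(t: float) -> bytes:
        return struct.pack("!II", int(t) + NTP_UNIX_DELTA, int((t % 1) * 2**32))
    return b"\x1c\x02" + 30 * b"\x00" + ts(server_rx) + ts(server_tx)
```

Run query_offset against the address configured as the Master KDC; an offset outside the tolerance points to NTP or time zone settings as the cause of failed Kerberos logins.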
9.1.12 Authentication testing
The Authentication Testing option lets you test the connection to the remote authentication
server.
9.2 PAM (Pluggable Authentication Modules)
The console server supports RADIUS, TACACS+, and LDAP for two-factor authentication via PAM
(Pluggable Authentication Modules). PAM is a flexible mechanism for authenticating users. A number
of new ways of authenticating users have become popular. The challenge is that each time a new
authentication scheme is developed, all the programs that authenticate users (login, ftpd, etc.)
must be rewritten to support it.
PAM provides a way to develop programs that are independent of the authentication scheme. These
programs need “authentication modules” to be attached to them at run-time in order to work. Which
authentication module is attached depends on the local system setup and is at the discretion of the
local Administrator.
The console server family supports PAM with the following modules added for remote authentication:
RADIUS - pam_radius_auth (http://www.freeradius.org/pam_radius_auth/)
724-746-5500 | blackbox.com Page 175