HP Intelligent Management Center v5.1 TACACS+ Authentication Manager Administrator Guide

ManualsBrandsHP ManualsComputer AccessoriesHP IMC TACACS+ Authentication Manager additional 100-node License

121

122

123

124

125

126

127

128

129

130

120

11 Configuring global system settings

The global system settings determine the operation of the TAM system and its services.

Global system settings include:

• System parameters

• System operation log parameters

• System configuration validation

Configuring system parameters

System parameters are related to all services in TAM, and must be properly configured to guarantee

normal operation of services.

To configure the system parameters:

1. Click the Service tab.

2. Select TACACS+ AuthN Manager > Service Parameters > System Configuration from the

navigation tree.

The System Configuration list displays all system configurations.

3. Click the Configure icon for the System Parameters entry.

4. Configure the system parameters:

 Aging Time—Set the time interval at which TAM checks the status of each online user. If the

duration since the Watchdog packet of a user was received exceeds the aging time, TAM

considers that the user is offline and removes the user from the online user list. HP recommends

that you set the value to at least three times the sending interval of Watchdog packets. The

sending interval of Watchdog packets is configured on the device. When you add or modify

a device in TAM, if you set the Watchdog field to Not Supported, TAM cannot automatically

clear online users that log in to the device.

 Max. Authentication Attempts—Set the maximum number of consecutive authentication

attempts permitted for a device user with incorrect passwords. If the maximum authentication

attempts are exceeded, TAM adds the user to the blacklist. Blacklisting an online user does not

affect other logged-in users. However, the blacklisted online user cannot log in to any other

devices. The user is released from the blacklist at 00:00 the next day. If you do not want to

restrict the authentication attempts, set the parameter to 0.

 Cancelled User Lifetime—Specify how long TAM keeps the account information and related

authentication, authorization, and audit logs of a device user in the system after the user is

cancelled. When the time expires, TAM permanently deletes the account information and logs

of the device user. You can query users that have been cancelled but whose lifetime is not

expired by using the advanced query function for device users and setting the user status to

Cancelled. For more information about the advanced query function, see "Querying device

users." You can query logs for cancelled users by using the advanced query function for logs

and setting the user status to Cancelled. For more information about the advanced query

function, see "Querying authentication logs," "Querying authorization logs," and "Querying

audit logs."