HP Intelligent Management Center v5.1 TACACS+ Authentication Manager Administrator Guide
A device user is a network maintainer who uses an account name and password to log in to manage a
device. An authorization policy is a set of rules that control device user privileges.
An authorization policy defines multiple access scenarios, which correspond to different authorization
rules. When a device user logs in to manage a device, TAM authorizes the device user according to the
authorization rule defined in the access scenario that the device user matches.
An authorization policy can be applied to a device user or to a device user group. A policy specified
directly for a device user takes precedence. If no authorization policy is specified for the device user, it
uses the authorization policy of the user group to which it belongs.
TAM user types
TAM contains the following types of users:
• Common device users—A common device user uses an account name and password for
authentication. TAM saves and maintains the user information itself.
• LDAP users—An LDAP user is a TAM device user bound with an LDAP policy. When TAM receives
a user authentication request, it delivers the account name and password to the LDAP server for
authentication. LDAP user information is saved in both the LDAP server and the TAM server. The
LDAP server maintains user information. TAM periodically synchronizes user information from the
LDAP server. If a network already uses an LDAP server to manage users, HP recommends using
LDAP users when deploying the TAM system to the network.
Scenario-based authorization
TAM supports access scenario-based authorization. An authorization policy defines multiple access
scenarios. When a device user logs in to manage a device, if the device user matches a scenario, TAM
authorizes the device user according to the rule defined in the matching scenario.
Login authorization and command authorization
TAM assigns an authorization policy to perform login authorization and command authorization for a
device user.
• Login authorization—TAM uses shell profiles to control login behaviors of device users. A shell
profile specifies these authorization items: ACL, auto run command, privilege level, user-defined
attributes, idle time, and timeout.
• Command authorization—TAM uses command sets to control the commands that a user can
execute. When a user executes a command, TAM determines whether to allow the user to execute
the command according to the command set that the user matches.
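The policy precedence rule (user-specific policy over group policy), scenario matching, and the split between login authorization (shell profile) and command authorization (command set) described above, modelled together as an added Python example. This is not code from the guide or from the IMC product; the data model, the scenario match key (a device group label), the first-match ordering of scenarios, and the allow-list semantics of the command set are assumptions made for illustration.

```python
"""Toy model of TAM-style authorization: policy precedence, scenario
matching, login authorization via shell profiles and command authorization
via command sets. Hypothetical schema; not the product's real data model."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class ShellProfile:
    # Authorization items a shell profile carries (names from the guide;
    # the types and units are assumptions)
    privilege_level: int
    idle_time: int            # minutes
    timeout: int              # minutes
    acl: Optional[str] = None
    auto_run_command: Optional[str] = None


@dataclass
class CommandSet:
    # Assumed semantics: allow-listed command prefixes, everything else denied
    allowed_prefixes: tuple

    def permits(self, command: str) -> bool:
        cmd = command.strip().lower()
        return any(cmd == p or cmd.startswith(p + " ") for p in self.allowed_prefixes)


@dataclass
class Scenario:
    name: str
    device_group: Optional[str]   # assumed match key; None means any device
    shell_profile: ShellProfile   # used for login authorization
    command_set: CommandSet       # used for command authorization

    def matches(self, device_group: str) -> bool:
        return self.device_group is None or self.device_group == device_group


@dataclass
class AuthorizationPolicy:
    name: str
    scenarios: list   # evaluated in order; first matching scenario wins (assumption)

    def select_scenario(self, device_group: str) -> Optional[Scenario]:
        for scenario in self.scenarios:
            if scenario.matches(device_group):
                return scenario
        return None


@dataclass
class DeviceUserGroup:
    name: str
    policy: Optional[AuthorizationPolicy]


@dataclass
class DeviceUser:
    account: str
    group: DeviceUserGroup
    policy: Optional[AuthorizationPolicy] = None


def effective_policy(user: DeviceUser) -> Optional[AuthorizationPolicy]:
    """A policy specified for the user takes precedence; otherwise the group's."""
    return user.policy if user.policy is not None else user.group.policy


def authorize_login(user: DeviceUser, device_group: str) -> Optional[ShellProfile]:
    """Login authorization: return the shell profile to apply, or None to deny."""
    policy = effective_policy(user)
    if policy is None:
        return None
    scenario = policy.select_scenario(device_group)
    return scenario.shell_profile if scenario else None


def authorize_command(user: DeviceUser, device_group: str, command: str) -> bool:
    """Command authorization: fail closed when no policy or scenario applies."""
    policy = effective_policy(user)
    if policy is None:
        return False
    scenario = policy.select_scenario(device_group)
    return scenario is not None and scenario.command_set.permits(command)


# Constructed sample data (not real configuration)
READONLY = CommandSet(("show", "display", "ping", "exit"))
FULL = CommandSet(("show", "display", "configure", "system-view", "save", "ping", "exit"))

OPS_POLICY = AuthorizationPolicy("ops", [
    Scenario("core-routers", "core", ShellProfile(15, 10, 30), FULL),
    Scenario("other-devices", None, ShellProfile(1, 10, 30), READONLY),
])
HELPDESK_POLICY = AuthorizationPolicy("helpdesk", [
    Scenario("all-devices", None, ShellProfile(1, 5, 15), READONLY),
])

OPS_GROUP = DeviceUserGroup("network-ops", OPS_POLICY)
alice = DeviceUser("alice", OPS_GROUP)                            # inherits group policy
bob = DeviceUser("bob", OPS_GROUP, policy=HELPDESK_POLICY)        # user policy overrides group
carol = DeviceUser("carol", DeviceUserGroup("contractors", None))  # no policy anywhere

if __name__ == "__main__":
    for user, dev, cmd in [(alice, "core", "configure terminal"),
                           (alice, "access", "configure terminal"),
                           (bob, "core", "display current-configuration"),
                           (carol, "core", "show version")]:
        prof = authorize_login(user, dev)
        level = prof.privilege_level if prof else "denied"
        print(f"{user.account}@{dev}: login level={level}, "
              f"'{cmd}' allowed={authorize_command(user, dev, cmd)}")
```

The two decisions are kept separate on purpose: a user may be granted a login (shell profile) on a device and still be refused individual commands, and both functions fail closed when no policy or scenario applies, which is the behaviour a defender wants to verify when reviewing an authorization design.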