HP Intelligent Management Center v5.1 TACACS+ Authentication Manager Administrator Guide

Figure 2 TAM local authentication and authorization
In Figure 2, PCs in blue represent the PCs used by device users, and Devices in blue represent the
manageable devices.
In TAM local authentication-authorization mode, when a device user logs in to manage a device, the
TAM server performs authentication for the device user. If the device user passes authentication, the TAM
server uses a locally saved authorization policy to perform login authorization and command
authorization for the device user.
LDAP authentication + TAM local authorization
The device to which a user wants to log in sends the user account name and password to the TAM server,
which then sends the information to the LDAP server for authentication. The LDAP server sends the
authentication result back to the TAM server. TAM permits or denies user login to the device according
to the authentication result.
If the user is permitted to log in to the device, TAM performs login authorization and command authorization
for the user. The device and the TAM server use the TACACS+ protocol to exchange packets with each
other. The TAM server and the LDAP server use the LDAP protocol to exchange packets with each other.
The device user information is saved in the LDAP server. The authorization policies for device users are
saved in the TAM local database.
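
The following Python model is an added example, not code from TAM or from this guide. It shows the split described above: credentials are checked only against the LDAP store, while login and command authorization come only from a local policy table. The user names, passwords, policy patterns, reason strings, and the choice to deny when LDAP is unreachable or when no local policy exists are all assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

# Constructed stand-in for the LDAP server: holds device user credentials only.
LDAP_DIRECTORY = {"alice": "s3cret-A", "bob": "s3cret-B"}

@dataclass
class AuthzPolicy:
    allow_login: bool
    permitted_commands: list = field(default_factory=list)  # glob patterns

# Constructed stand-in for the TAM local database: policies only, no passwords.
TAM_POLICIES = {"alice": AuthzPolicy(True, ["display *", "ping *"])}

def ldap_authenticate(user, password):
    """Stand-in for the LDAP check; True only when the credentials match."""
    stored = LDAP_DIRECTORY.get(user)
    return stored is not None and hmac.compare_digest(stored, password)

def ldap_unreachable(user, password):
    """Stand-in for an LDAP server that cannot be contacted."""
    raise ConnectionError("LDAP server unreachable")

def tam_login(user, password, authenticate=ldap_authenticate):
    """Login request from a device. Returns (permitted, reason)."""
    try:
        authenticated = authenticate(user, password)
    except ConnectionError:
        return False, "ldap-unreachable"        # assumption: fail closed
    if not authenticated:
        return False, "authentication-failed"
    policy = TAM_POLICIES.get(user)
    if policy is None or not policy.allow_login:
        return False, "no-login-authorization"  # assumption: default deny
    return True, "permitted"

def tam_authorize_command(user, command):
    """Command authorization from the local policy; LDAP is not consulted."""
    policy = TAM_POLICIES.get(user)
    if policy is None or not policy.allow_login:
        return False
    return any(fnmatchcase(command, p) for p in policy.permitted_commands)

if __name__ == "__main__":
    for name, pw in [("alice", "s3cret-A"), ("alice", "bad"), ("bob", "s3cret-B")]:
        print(name, tam_login(name, pw))
    for cmd in ["display current-configuration", "system-view"]:
        print("alice", repr(cmd), tam_authorize_command("alice", cmd))
```

In this model, bob holds valid LDAP credentials but is still refused because no local authorization policy exists for him, which is the case to check when onboarding LDAP users.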