AWAN 3883/4/5 Access Server Configuration and Management Manual
Configuring Security for Remote Access Users
AWAN 3883/4/5 Access Server Configuration and Management Manual—424242-001
13-3
Default Template
•
The server database, which is maintained on the AWAN access server in its
nonvolatile random access memory.
Each AWAN access server can have a different user list, or the same list can be cloned to
multiple AWAN access servers. To connect to the network through the AWAN access
server, each user must have a user name and password. Configuring user lists is
explained in Section 7, Configuring User and Port Access
.
The Autoconnect feature requires that the GUEST user name be configured without a
password, presenting a potential security problem for dial-in users. (The GUEST user
name is provided by default and is assigned a blank password.) To prevent dial-in users
from using the GUEST user name, use the Protocols tab dialog box to disable PPP,
NASI, NRN, SLIP, ARA, LAT, and Rlogin; only Telnet should be enabled. The
Protocols tab dialog box is described in Step 2: Enabling Protocols for a User
on
page 7-10.
Default Template
A default template, which is stored on the AWAN access server, can be used together
with NetWare Bindery, SecurID, and XTACACS to authorize rights to users. The
protocols and security features for the default template can be modified for each AWAN
access server. The template is a means of restricting end-user access after the user has
been authenticated by SecurID or XTACACS. Modifying the default template is
explained in Modifying the Default Template
on page 13-6.
NetWare Bindery
The NetWare Bindery is a database that resides on a Novell NetWare network server.
This database contains each user’s name and password. Configuring NetWare Bindery is
explained in Configuring NetWare Bindery Authorization
on page 13-9.
Note. Do not confuse the AWAN access server user list with the Checkpoint user list. The
Checkpoint user list is used to authenticate and authorize various capabilities for users of the
RAS Management Tool. The Checkpoint user list is described in Section 4, Setting Up RAS
Management Tool Security.
Note. The GUEST user name is not a security issue for asynchronous terminal users because
Tandem applications, such as TACL, have their own login security. For information about the
Autoconnect feature, refer to Configuring the Autoconnect Feature on page 8-24.