User guide

Chapter 5: Users, Groups, and Access Permissions

Remote Authentication

Note to CC-SG Users

WhentheKXII‐101iscontrolledbyCommandCenterSecureGateway,

CC‐SGauthenticatesusersandgroups,exceptforlocalusers(requiring

localportaccess).WhenCC‐SGiscontrollingtheKXII‐101,localport

userswillbeauthenticatedagainstthelocaluserdatabaseortheRemote

Authenticationserver(LDAP/LDAPSorRADIUS)co

nfiguredontheKX

II‐101;theywillnotbeauthenticatedagainsttheCC‐SGuserdatabase.

ForadditionalinformationaboutCC‐SGauthentication,refertothe

CommandCenterSecureGatewayUserGuide,AdministratorGuide,or

DeploymentGuideat:

http://www.raritan.com/support/productdocumentation.

Supported Protocols

Inordertosimplifymanagementofusernamesandpasswords,theKX

II‐101providesthecapabilitytoforwardauthenticationrequeststoan

externalauthenticationserver.Twoexternalauthenticationprotocolsare

supported:LDAP/LDAPSandRADIUS.

Note on Microsoft Active Directory

MicrosoftActiveDirectoryusestheLDAP/LDAPSprotocolnatively,and

canfunctionasanLDAP/LDAPSserverandauthenticationsourcefor

KXII‐101.IfithastheIAS(InternetAuthorizationServer)component,a

MicrosoftActiveDirectoryservercanalsoserveasaRADIUS

authenticationsource.

Authentication vs. Authorization

Authenticationistheprocessofverifyingthatauseriswhohesaysheis.

Onceauserisauthenticated,theuserʹsgroupisusedtodeterminehis

systemandportpermissions.Theuserʹsassignedprivilegesdetermine

whattypeofaccessisallowed.Thisiscalledauthorization.

WhenKXII‐10

1isconfiguredforremoteauthentication,theexternal

authenticationserverisusedprimarilyforthepurposesof

authentication,notauthorization.