User guide
Chapter 5: Users, Groups, and Access Permissions
Remote Authentication
Note to CC-SG Users
When the KX II-101 is controlled by CommandCenter Secure Gateway, CC-SG authenticates users and groups, except for local users (requiring local port access). When CC-SG is controlling the KX II-101, local port users will be authenticated against the local user database or the Remote Authentication server (LDAP/LDAPS or RADIUS) configured on the KX II-101; they will not be authenticated against the CC-SG user database.
For additional information about CC-SG authentication, refer to the CommandCenter Secure Gateway User Guide, Administrator Guide, or Deployment Guide at: http://www.raritan.com/support/productdocumentation.
Supported Protocols
In order to simplify management of usernames and passwords, the KX II-101 provides the capability to forward authentication requests to an external authentication server. Two external authentication protocols are supported: LDAP/LDAPS and RADIUS.
Note on Microsoft Active Directory
Microsoft Active Directory uses the LDAP/LDAPS protocol natively, and can function as an LDAP/LDAPS server and authentication source for KX II-101. If it has the IAS (Internet Authorization Server) component, a Microsoft Active Directory server can also serve as a RADIUS authentication source.
Authentication vs. Authorization
Authentication is the process of verifying that a user is who he says he is. Once a user is authenticated, the user's group is used to determine his system and port permissions. The user's assigned privileges determine what type of access is allowed. This is called authorization.
When KX II-101 is configured for remote authentication, the external authentication server is used primarily for the purposes of authentication, not authorization.