beautypg.com

Using the users tab, 34 configure security authentication users tab – HP StorageWorks 2.140 Director Switch User Manual

Page 100

background image

Configuring the director

100

Local Only—Each switch or director uses its local user database for authentication.

Radius then Local—the switch or director uses the Radius server, if available, to authenticate

users. If the Radius server is not available, then the local database is used.

Radius Only—Radius server is used to authenticate users. If the Radius server is not available,

then users cannot connect. Radius is acknowledged as being an industry standard and is

convenient to use because all passwords can be managed from a central location. There are

some disadvantages. Note the following:
• If a Radius Only method is used, the ability to authenticate is directly related to the quality of

the IP network being used to communicate with the Radius server. If you are authenticating

E_Ports, the stability of the fabric is dependent on the stability of the IP network. The risk is

smaller, if you use Radius then Local or Local Only.

• Some Radius servers store passwords unencrypted in plain text files. If Local Only were used,

there would be no unencrypted central repository of the password information as your HAFM

encrypts this information.

If you want to specify Radius authentication, you must first define at least one Radius Server. If no

Radius Servers have been configured, then the only option presented is Local only.

Using the Users tab

The Users tab (

Figure 34

) lets the security administrator set up role-based user access to the selected

switch through other management interfaces, such as HAFM Basic or Telnet.

Figure 34

Configure Security Authentication Users tab

If the HAFM Basic or Telnet check box is not selected, then no user can log in to the switch through

this interface. When the interfaces are enabled, HAFM Basic and Telnet can be set to authenticate

to a local database on the switch, a Radius server, or a local database then a Radius server. If the

SSH check box is selected then all management data between the workstation and the switch

through Telnet is encrypted using the SSH protocol.

This manual is related to the following products:
See also other documents in the category HP Storage: