Using security lock-out – Avocent CCM User Manual
Page 46
32 CCM Installer/User Guide
2. Issue a Server Security command, using the Authentication parameter to specify the
authentication method. Use the Encrypt parameter to enable plain text Telnet connections,
SSH connections or both.
SERVER SECURITY AUTHENTICATION=<auth> ENCRYPT=<conns>
You may optionally specify both RADIUS and local authentication, in either order. In tis case,
authentication will be attempted initially on the first method specified. If that fails, the second
method will be used for authentication.
When SSH session access is enabled, you must specify an authentication mode other than None.
3. You are prompted to save the information. Enter
Y
to confirm or
N
to cancel.
To display authentication configuration information:
1. Issue a Show Server Security command.
SHOW SERVER SECURITY
The display includes the current CCM appliance authentication settings that were configured
with the Server Security command. If SSH access has been enabled, the display indicates
SSH2. Regardless of whether SSH is enabled, the display includes the authentication method
specified with the Server SSH command.
2. To display CCM RADIUS settings that were configured with the Server RADIUS command,
issue a Show Server RADIUS command.
SHOW SERVER RADIUS
For more information, see Server Security command on page 70, Show Server Security command
on page 82, Show Server RADIUS command on page 81 and Using SSH on page 20.
Using security lock-out
When the security lock-out feature is enabled, a user account will be locked-out after five
consecutive authentication failures. A successful authentication will reset the counter to zero. You
may configure a lock-out period of 1-999 hours. A lock-out period of zero disables the feature; that
is, user accounts will not be locked-out.
A locked account will remain locked until the specified time elapses, the CCM appliance is power-
cycled or the account is unlocked by an administrator with the User Unlock command. A user with
the ADMIN access level may unlock all users except a user with the APPLIANCEADMIN level. A
user with the APPLIANCEADMIN level may unlock all users.
To enable or disable security lock-out:
1. To enable security lock-out, issue a Server Security command, using the Lockout parameter
with a value between 1-999.
2. To disable security lock-out, issue a Server Security command, using the Lockout=0 parameter.
To unlock a locked-out user:
Issue a User Unlock command with the username.