beautypg.com

Authentication schemes for pcs – H3C Technologies H3C Intelligent Management Center User Manual

Page 36

background image

18

Authentication

function

Authentication

method

Credential

transmission

method

Supported

client

Credential storage

location

Server certificate: UAM

WLAN-Portal

Transparent portal
authentication

Proprietary
protocol +
PAP or CHAP

Web browser

The mappings among the
MAC addresses, accounts,

and access services are

stored in UAM.

Username
name/password

PAP

iNode MC
Web browser

UAM

LDAP server

CHAP

iNode MC
Web browser

UAM

LDAP server from which UAM
can obtain the user password

EAP-MD5 iNode

MC

UAM

LDAP server with readable
passwords

WLAN-MAC

Transparent MAC
authentication

PAP
CHAP

None

MAC address-account
mappings: UAM.

Anonymous MAC
authentication

PAP
CHAP

None

MAC address-BYOD
anonymous account
mappings: UAM

L2TP IPSec VPN

Not supported

Authentication schemes for PCs

PCs include desktop computers and laptops.
As shown in

Table 2

, an authentication scheme for PCs includes these elements: authentication function,

authentication method, credential transmission method, supported client, and credential storage

location.
Authentication scheme element descriptions:

The username name/password is stored in both UAM and the LDAP server but is verified only by the
LDAP server. This authentication method is called LDAP authentication.

The username name/password is stored in both UAM and the RSA server but is verified only by the
RSA server. This authentication method is called RSA authentication.

Some LDAP servers (such as OpenLDAP) allow stored user passwords to be obtained by third-party
systems, while others (Windows AD, for example) do not. LDAP server with readable passwords

refers a LDAP server from which UAM can obtain user passwords.

The WLAN-802.1X authentication function requires that smart device users must pass the 802.1X
authentication to access the WLAN.

The WLAN-Portal authentication function requires that smart device users must complete the WLAN

configuration and then pass portal authentication before they can access the WLAN.

The WLAN-MAC authentication function requires that smart device users must pass the MAC
authentication to access the WLAN.

HP recommends not using third-party clients for L2TP IPsec VPN authentication.

See also other documents in the category H3C Technologies Safety: