Black Box LES1316A, LES1332A, LES1408A, LES144BA, LES1416A, LES1348A, LES1432A, LES1308A Tacacs+

Further modules can be added as required.

Changes may be made to files in /etc/config/pam.d/ that will persist, even if the authentication configurator runs.

Users added on demand:

When a user attempts to log in, but does not already have an account on the console server, a new user account will be created. This account will have no rights, and no password set. It will not appear in the Black Box configuration tools.

Automatically added accounts will not be able to log in if the remote servers are unavailable. RADIUS users are currently assumed to have access to all resources, so they will only be authorized to log in to the console server. RADIUS users will be authorized each time they access a new resource.

Admin rights granted over AAA:

Users may be granted Administrator rights via networked AAA. For TACACS a priv-lvl of 12 of above indicates an Administrator. For RADIUS, Administrators are indicated via the Framed Filter ID. (See the example configuration files below for example.)

Authorization via TACACS for both serial ports and host access:

Permission to access resources may be granted via TACACS by indicating a Black Box Appliance and a port or networked host the user may access. (See the example configuration files below for example.)

TACACS Example:

user = tim { service = raccess {

priv-lvl = 11

port1 = les1116/port02

port2 = 192.168.254.145/port05

}

global = cleartext mit

}

RADIUS Example:

paul Cleartext-Password := "luap" Service-Type = Framed-User, Fall-Through = No, Framed-Filter-Id=":group_name=admin"

The list of groups may include any number of entries separated by a comma. If the admin group is included, the user will be made an Administrator.

_____________________________________________________________________