Configuration

TTo Configure Group Authorization on a TACACS+ Server

1.On the server, add “raccess” service to the user configuration and define which group or groups the user belongs to.

user = usergroup1 { service = raccess {

group_name = <Group1>[,<Group2>,...,<GroupN>];

}

}

2.If "raccess" service is already defined, add the group information to it.

3.“Enable Raccess Authorization” on KVM/net through the Web Manager at Configuration>Security>Authentication>Tacacs+ form.

Security Profiles

A Security Profile consists of a set of parameters that can be configured in order to have more control over the services that are active at any time. There are three pre-defined security profiles with pre-set parameters. In addition, a Custom profile is provided where an administrator can configure individual protocols and services.

Pre-defined Security Profiles

There are three pre-defined security profiles:

1.Secure - The Secure profile disables all protocols except SSHv2 and HTTPS. SSH root access is not allowed. Direct access to KVM connections are not available.

2.Moderate (Default) - The Moderate profile is the recommended security level. This profile enables SSHv1, SSHv2, HTTP, HTTPS, and Telnet. In addition, ICMP and HTTP redirection to HTTPS are enabled. Direct access to KVM connections are not available.

3.Open - The Open profile enables all services such as Telnet, SSHv1, SSHv2, HTTP, HTTPS, SNMP, RPC, ICMP, and Telnet. Direct access to KVM connections are available.

Web Manager for Administrators

221

Page 237
Image 237
Cyclades User's Guide manual Security Profiles, To Configure Group Authorization on a TACACS+ Server