3.Click No for the alert types that you want to disable.

4.Click Apply SNMP Settings.

Two-Factor Authentication Settings

The Two-Factor Authentication Settings page displays the configuration of two-factor authentication settings, the trusted CA certificate information, and provides a method of changing the configuration and importing or deleting a trusted CA certificate.

The Enforce Two-Factor Authentication setting controls whether two-factor authentication is used for user authentication during login. Selecting Yes for the Enforce Two-Factor Authentication setting will require two-factor authentication. The No value disables the feature and allows login with user name and password only. You cannot change the setting to Yes if a trusted CA certificate is not configured. Changing the setting resets RILOE II saving the changes. To provide the necessary security, the following configuration changes are made when two-factor authentication is enabled:

Remote Console Data Encryption: Yes (Disables telnet access)

Enable Secure Shell (SSH) Access: No

Serial Command Line Interface Status: Disabled

If telnet, SSH, or Serial CLI access is required, re-enable these settings after two-factor authentication is enabled. However, because these access methods do not provide a means of two-factor authentication, only a single factor is required to access RILOE II with telnet, SSH or Serial CLI.

When two-factor authentication is enabled, access with the CPQLOCFG utility is disabled, because CPQLOCFG does not supply all authentication requirements. However, the HPONCFG utility is functional, because administrator privileges on the host system are required to execute the utility.

The Check for Certificate Revocation setting controls whether RILOE II uses the certificate CRL distribution points attribute to download the latest CRL and check for revocation of the client certificate. If the client certificate is contained in the CRL or if the CRL cannot be downloaded for any reason, access is denied. The CRL distribution point must be available and accessible to RILOE II when Check Certificate Revocation is set to Yes.

The Certificate Owner Field setting specifies which attribute of the client certificate to use when authenticating with the directory. If SAN is specified, RILOE II extracts the User Principle Name from the Subject Alternative Name attribute and then uses the User Principle Name when authenticating with the

Using the RILOE II 33

Page 33
Image 33
HP 232664-006 manual Two-Factor Authentication Settings