9.2 PAM (Pluggable Authentication Modules)

The Console Server supports RADIUS, TACACS+ and LDAP for two-factor authentication via PAM (Pluggable Authentication Modules). PAM is a flexible mechanism for authenticating users. A number of new ways of authenticating users have become popular. The challenge is that each time a new authentication scheme is developed, all the necessary programs (login, ftpd, etc.) must be rewritten to support it.

PAM provides a way to develop programs that are independent of authentication schemes. These programs need "authentication modules" to be attached to them at run-time in order to work. Which authentication module is to be attached is dependent upon the local system setup and is at the discretion of the local Administrator.

The Console Server family supports PAM, to which we have added the following modules for remote authentication:

- RADIUS: pam_radius_auth (http://www.freeradius.org/pam_radius_auth/)
- TACACS+: pam_tacplus (http://echelon.pl/pubs/pam_tacplus.html)
- LDAP: pam_ldap (http://www.padl.com/OSS/pam_ldap.html)

Further modules can be added as required.

Changes made to files in /etc/config/pam.d/ will persist, even if the authentication configurator is run.

Users added on demand:

When a user attempts to log in but does not already have an account on the Console Server, a new user account will be created. This account will not have any rights and will have no password set. Such accounts will not appear in the configuration tools.

Automatically added accounts will not be able to log in if the remote servers are unavailable. RADIUS users are currently assumed to have access to all resources, so will only be authorized to log in to the Console Server. RADIUS users will be authorized each time they access a new resource.

Admin rights granted over AAA:

Users may be granted Administrator rights via networked AAA. For TACACS, a priv-lvl of 12 or above indicates an administrator. For RADIUS, administrators are indicated via the Framed Filter ID. (See the example configuration files below.)

Authorization via TACACS for both serial ports and host access:

Permission to access resources may be granted via TACACS by indicating an appliance and a port or networked host the user may access. (See the example configuration files below.)

TACACS Example:

    user = tim {
        service = raccess {
            priv-lvl = 11
            port1 = xxxxx/port02
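The following is an added example, not part of the manual or the vendor's code: a small audit script that reads TACACS+ user blocks written like the one above and reports, per user, whether the priv-lvl under the raccess service reaches the administrator threshold of 12 and which appliance/port entries are granted. The sample configuration is constructed; the user alice and the appliance names cs-lab and cs-dc are hypothetical.

```python
import re

ADMIN_PRIV_LVL = 12  # manual: a priv-lvl of 12 or above indicates an administrator

# Constructed sample; user "alice" and appliances cs-lab / cs-dc are hypothetical.
SAMPLE = """
user = tim {
    service = raccess {
        priv-lvl = 11
        port1 = cs-lab/port02
    }
}
user = alice {
    service = raccess {
        priv-lvl = 12
        port1 = cs-lab/port01
        port2 = cs-dc/port07
    }
}
"""

def audit_raccess(config_text):
    """Map each user to the priv-lvl, admin flag and ports granted under raccess."""
    report, stack = {}, []          # stack holds (kind, name) of the open blocks
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        if line == "}":
            stack = stack[:-1]                # close the innermost block, if any
            continue
        key, _, value = (p.strip() for p in line.partition("="))
        if value.endswith("{"):               # block opener, e.g. user = tim {
            name = value[:-1].strip()
            stack.append((key, name))
            if key == "user" and len(stack) == 1:
                report[name] = {"priv_lvl": None, "admin": False, "ports": []}
            continue
        if [k for k, _ in stack] != ["user", "service"] or stack[1][1] != "raccess":
            continue                          # only attributes inside user/raccess
        entry = report[stack[0][1]]
        if key == "priv-lvl" and value.isdigit():
            entry["priv_lvl"] = int(value)
            entry["admin"] = int(value) >= ADMIN_PRIV_LVL
        elif re.fullmatch(r"port\d+", key):
            entry["ports"].append(value)
    return report

print(audit_raccess(SAMPLE))
```

A block that is cut off before its closing braces, as the excerpt above is, is still reported up to the last attribute read, and a priv-lvl set under a service other than raccess is ignored.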

Tripp Lite B096-016, 93-2879, B096-048 owner manual PAM Pluggable Authentication Modules, 122
