Alcatel-Lucent 6850-48 Network Guide
LDAP Servers
Managing Authentication Servers
page 35-24
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
Configuring Authentication Key Attributes
The alp2key tool is provided on the Alcatel-Lucent software CD for computing SNMP authentication
keys.The alp2key application is supplied in two versions, one for Unix (Solaris 2.5.1 or higher) and one
for Windows (NT 4.0 and higher).
keys.The alp2key application is supplied in two versions, one for Unix (Solaris 2.5.1 or higher) and one
for Windows (NT 4.0 and higher).
To configure the bop-shakey or bop-md5key attributes on the server:
1 Use the alp2key application to calculate the authentication key from the password of the user. The
switch automatically computes the authentication key, but for security reasons the key is never displayed
in the CLI.
switch automatically computes the authentication key, but for security reasons the key is never displayed
in the CLI.
2 Cut and paste the key to the relevant attribute on the server.
An example using the alp2key tool to compute the SHA and MD5 keys for mypassword:
ors40595{}128: alp2key mypassword
bop-shakey: 0xb1112e3472ae836ec2b4d3f453023b9853d9d07c
bop-md5key: 0xeb3ad6ba929441a0ff64083d021c07f1
ors40595{}129:
Note. The
bop-shakey and bop-md5key values must be recomputed and copied to the server any time a
user’s password is changed.
LDAP Accounting Attributes
Logging and accounting features include Account Start, Stop and Fail Times, and Dynamic Log. Typi-
cally, the Login and Logout logs can be accessed from the directory server software. Additional third-party
software is required to retrieve and reset the log information to the directory servers for billing purposes.
cally, the Login and Logout logs can be accessed from the directory server software. Additional third-party
software is required to retrieve and reset the log information to the directory servers for billing purposes.
The following sections describe accounting server attributes.
AccountStartTime
User account start times are tracked in the AccountStartTime attribute of the user’s directory entry that
keeps the time stamp and accounting information of user log-ins. The following fields (separated by
carriage returns “|”) are contained in the Login log. Some fields are only used for Layer 2 Authentication.
keeps the time stamp and accounting information of user log-ins. The following fields (separated by
carriage returns “|”) are contained in the Login log. Some fields are only used for Layer 2 Authentication.
Fields Included For Any Type of Authentication
• User account ID or username client entered to log-in: variable length digits.
• Time Stamp (YYYYMMDDHHMMSS (YYYY:year, MM:month, DD:day, HH:hour, MM:minute,
SS:second)
• Switch serial number: Alcatel-Lucent.BOP.<switch name>.<MAC address>
• Client IP address: variable length digits.