Cisco Prime Optical 9.3 Technical References

Cisco Prime Optical 9.3 Basic External Authentication
OL-23465-01
Access-Challenge—Additional information is requested from the user.
The RADIUS access server:
Verifies user identity.
Determines whether the user is allowed to perform a task or access a network device.
Applies rules to user accounts.
Prime Optical Implementation of RADIUS
The Prime Optical server acts as a RADIUS client and sends authentication requests to a RADIUS server 
implementing a single sign-on (SSO) application.
The Prime Optical server uses the Pluggable Authentication Module (PAM) Solaris library for 
authentication. Specifically, it uses the pam_radius_auth module to authenticate users against the 
RADIUS access server. The PAM framework consists of the following parts:
PAM consumers—Solaris access applications such as login and rlogin, and the Prime Optical server.
PAM library.
PAM configuration file (pam.conf).
PAM service modules—Also referred to as providers.
Default Prime Optical Policy Server Settings
The following table lists the default Prime Optical configuration for the RADIUS access server.
Understanding the RADIUS Implementation
The Prime Optical server operates as a RADIUS client that is responsible for passing user information 
to designated RADIUS servers, and then acting on the response that is returned.
Prime Optical provides an installation script that installs the following files:
pam_radius_auth.so—A shared library file that is provided by FreeRADIUS. It is a PAM service 
module that encapsulates all RADIUS client code and is installed in the /usr/lib/security directory. 
The pam_radius_auth.so file is considered a third-party component.
Pam_radius_auth.conf—A configuration file installed in the /opt/ExtAuth/cfg directory. 
Configuration information includes the IP address of the RADIUS server, the authentication port, 
the shared secret, the request timeout, and the number of retries.
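Because this configuration file holds the RADIUS shared secret, the following added example (not from the Cisco document or from FreeRADIUS) audits such a file's permissions and contents. It assumes the stock FreeRADIUS pam_radius_auth line layout `server[:port] shared_secret [timeout]`, which the Prime Optical file may not follow exactly; the 16-character minimum and the sample values are constructed.

```python
import os
import stat

MIN_SECRET_LEN = 16  # assumed local policy, not a Cisco or FreeRADIUS value

# Constructed sample in the assumed "server[:port] secret [timeout]" layout.
SAMPLE = """\
# server[:port]   shared_secret                     timeout
192.0.2.10:1812   s3cret                            3
192.0.2.11        Xq7-constructed-secret-value-91
"""

def parse_servers(text):
    """Return a (host, port, secret, timeout) tuple per server line."""
    servers = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if len(fields) < 2:
            raise ValueError("no shared secret for %s" % fields[0])
        host, _, port = fields[0].partition(":")
        timeout = int(fields[2]) if len(fields) > 2 else None
        servers.append((host, int(port) if port else None, fields[1], timeout))
    return servers

def audit(path):
    """Return findings for one config file; secrets are never echoed."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %04o exposes the shared secret to group/other" % mode)
    with open(path) as fh:
        servers = parse_servers(fh.read())
    if not servers:
        findings.append("no RADIUS server defined")
    for host, _port, secret, timeout in servers:
        if len(secret) < MIN_SECRET_LEN:
            findings.append("%s: shared secret under %d characters" % (host, MIN_SECRET_LEN))
        if timeout is None:
            findings.append("%s: no request timeout set" % host)
    return findings

if __name__ == "__main__":
    import tempfile
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as tmp:
        tmp.write(SAMPLE)
    os.chmod(tmp.name, 0o644)  # deliberately too permissive for the demo
    print("\n".join(audit(tmp.name)))
    os.remove(tmp.name)
```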
Table 1. Default External Authentication Settings

Property                   Value
External authentication    Disabled
Allow local fallback       Enabled
Enable SysAdmin            Enabled