Cisco Prime Optical 9.3 Technical References
Cisco Prime Optical 9.3 Basic External Authentication
OL-23465-01
Default Prime Optical Policy Server Settings
• Access-Challenge—Additional information is requested from the user.
The RADIUS access server:
• Verifies user identity.
• Determines whether the user is allowed to perform a task or access a network device.
• Applies rules to user accounts.
Prime Optical Implementation of RADIUS
The Prime Optical server acts as a RADIUS client and sends authentication requests to a RADIUS server
implementing a single sign-on (SSO) application.
The Prime Optical server uses the Pluggable Authentication Module (PAM) Solaris library for
authentication. Specifically, it uses the pam_radius_auth module to authenticate users against the
RADIUS access server. The PAM framework consists of the following parts:
• PAM consumers—Solaris access applications such as login and rlogin, and the Prime Optical server.
• PAM library.
• PAM configuration file (pam.conf).
• PAM service modules—Also referred to as providers.
Default Prime Optical Policy Server Settings
The following table lists the default Prime Optical configuration for the RADIUS access server.
Understanding the RADIUS Implementation
The Prime Optical server operates as a RADIUS client that is responsible for passing user information
to designated RADIUS servers, and then acting on the response that is returned.
Prime Optical provides an installation script that installs the following files:
• Pam_radius_auth.so—A shared library file that is provided by FreeRADIUS. It is a PAM service
module that encapsulates all RADIUS client code installed in the usr/lib/security directory. The
pam_radius_auth.so file is considered a third-party component.
• Pam_radius_auth.conf—A configuration file installed in the /opt/ExtAuth/cfg directory.
Configuration information includes the IP address of the RADIUS server, the authentication port,
the shared secret, the request timeout, and the number of retries.
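Because the configuration file described above stores the RADIUS shared secret, its permissions and the strength of that secret are worth auditing. The following is an added example, not Cisco's or FreeRADIUS's code; it assumes the upstream pam_radius_auth line layout `server[:port] shared_secret [timeout]`, which the file written by the Prime Optical installer may not follow exactly, and the length threshold and weak-secret list are illustrative assumptions.

```python
import os
import stat
import tempfile

MIN_SECRET_LEN = 16  # assumed local policy threshold, not a Cisco value
WEAK_SECRETS = {"secret", "testing123", "radius", "cisco"}  # illustrative list

def audit_radius_conf(path):
    """Return findings for a pam_radius_auth-style file (assumed layout)."""
    findings = []
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file is accessible to group/other; expected mode 0600")
    with open(path) as fh:
        for n, raw in enumerate(fh, 1):
            fields = raw.split()
            if not fields or fields[0].startswith("#"):
                continue  # blank line or comment
            if len(fields) < 2:
                findings.append(f"line {n}: no shared secret field")
                continue
            server, secret = fields[0], fields[1]
            if secret.lower() in WEAK_SECRETS:
                findings.append(f"line {n}: {server} uses a well-known secret")
            elif len(secret) < MIN_SECRET_LEN:
                findings.append(f"line {n}: {server} secret is shorter than {MIN_SECRET_LEN} characters")
            if len(fields) > 2 and not fields[2].isdigit():
                findings.append(f"line {n}: timeout {fields[2]!r} is not an integer")
    return findings

def demo_findings():
    # Constructed sample file; addresses are from the documentation range.
    sample = (
        "# server[:port]   shared_secret              timeout\n"
        "192.0.2.10:1812   testing123                 3\n"
        "192.0.2.11        Xq7v-Lm2p-R9tz-Ka4w-Ye8s   5\n"
    )
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as fh:
        fh.write(sample)
    os.chmod(fh.name, 0o644)  # deliberately too permissive for the demo
    try:
        return audit_radius_conf(fh.name)
    finally:
        os.unlink(fh.name)

if __name__ == "__main__":
    for finding in demo_findings():
        print(finding)
```

The findings name the server entry but never echo the secret itself, so the output is safe to paste into a ticket.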
Table 1  Default External Authentication Settings

Property                   Value
External authentication    Disabled
Allow local fallback       Enabled
Enable SysAdmin            Enabled