Cisco Headend System Release 2.5
About This Guide
4017610 Rev A
Introduction
DBDS systems have traditionally been deployed at sites where authentication of
users is performed using locally stored credentials. The benefit of storing user
credentials locally is that they are self-contained and do not require an external
resource for user authentication. This simple method of local authentication may be
appropriate and sufficient for isolated machines/networks, and for a small set of
users. However, this method becomes unmanageable and cumbersome when the
number of users increases. Also, the local authentication method is inadequate when
user login access controls, such as access times and authorized client/network
locations, are required.
To address these issues for sites with hundreds of users and network devices to
administer and manage across the organization, System Release (SR) 5.0 includes
support for the following protocols:
- Remote Authentication Dial In User Service (RADIUS) protocol, which is a
  client/server protocol that provides centralized Authentication, Authorization
  and Accounting (AAA) service
- Lightweight Directory Access Protocol (LDAP), which is an application protocol
  that queries and modifies directory entries in a directory server
  Note: In SR 5.0, LDAP includes support for Sudo software. Sudo software
  permits users to run programs as another user, typically the “root” user, and
  simplifies user logins when LDAP is implemented across heterogeneous
  platforms, such as Solaris, Linux, and AIX.
This guide provides the configuration changes that must be implemented in a
Digital Broadband Operating System (DBDS) to enable support for RADIUS, LDAP,
and Sudo software.
Purpose
The purpose of this guide is to provide system administrators with procedures that
allow them to enable RADIUS, LDAP, and Sudo support on a client, such as a
Digital Network Control System (DNCS), a Remote Network Control Server (RNCS),
or an Application server.
Scope
This guide provides instructions for enabling basic RADIUS, LDAP, and Sudo
support on a client host. This guide does not provide instructions for customizing
advanced features of RADIUS, LDAP, and Sudo for use with unique site
configurations.