Black Box Secure Device Servers User Manual
Chapter 9: Authentication
724-746-5500 | blackbox.com
87
9. Authentication
The console server is a dedicated Linux computer with a myriad of popular and proven Linux software modules for networking, secure access
(OpenSSH), and communications (OpenSSL), and sophisticated user authentication (PAM, RADIUS, TACACS+, and LDAP).
This chapter details how the Administrator can use the Management Console to establish remote AAA authentication for all connections to the
console server and attached serial and network host devices.
This chapter also covers how to establish a secure link to the Management Console using HTTPS and using OpenSSL and OpenSSH to establish a
secure Administration connection to the console server.
9.1 Authentication Configuration
Authentication can be performed locally, or remotely using an LDAP, Radius, or TACACS+ authentication server. The default authentication method
for the console server is Local.
Figure 9-1. Authentication screen.
Any authentication method that is configured will be used for authentication of any user who attempts to log in through Telnet, SSH, or the Web
Manager to the console server and any connected serial port or network host devices.
You can configure the console server to the default (Local) or using an alternate authentication method (TACACS, RADIUS, or LDAP). Optionally,
you can select the order in which local and remote authentication is used:
Local TACACS /RADIUS/LDAP: Tries local authentication first, falling back to remote if local fails.
TACACS /RADIUS/LDAP Local: Tries remote authentication first, falling back to local if remote fails.
TACACS /RADIUS/LDAP Down Local: Tries remote authentication first, falling back to local if the remote authentication returns an error condition
(for example, if the remote authentication server is down or inaccessible).
Manager to the console server and any connected serial port or network host devices.
You can configure the console server to the default (Local) or using an alternate authentication method (TACACS, RADIUS, or LDAP). Optionally,
you can select the order in which local and remote authentication is used:
Local TACACS /RADIUS/LDAP: Tries local authentication first, falling back to remote if local fails.
TACACS /RADIUS/LDAP Local: Tries remote authentication first, falling back to local if remote fails.
TACACS /RADIUS/LDAP Down Local: Tries remote authentication first, falling back to local if the remote authentication returns an error condition
(for example, if the remote authentication server is down or inaccessible).
9.1.1 Local Authentication
Select Serial and Network: Authentication and check Local.
Click Apply.
9.1.2 TACACS Authentication
Perform the following procedure to configure the TACACS+ authentication method to use whenever the console server or any of its serial ports or
hosts is accessed:
Select Serial and Network: Authentication and check TACAS or LocalTACACS or TACACSLocal or TACACSDownLocal