Escolar Documentos
Profissional Documentos
Cultura Documentos
Authentication
Authentication Introduction
The users managed by the IAM device are end users who access the Internet
through the IAM device; therefore, the users are the basic units to be allocated with
network access privileges. The administrators can manage users and their
privileges through the [Group/ User] page.
2. Username/Password Authentication
3. SSO Authentication
4. DKey Authentication
Authentication Introduction
1. None/SSO
After the user enters username and password, the device will first check if the username
and password are correct according to the local user list. If it cannot find the user in the
local user list and external authentication server has been configured, the device will try to
check the username and password on the external server.
You can manually create users on the IAM ,or you can directly use the external server
account and password (SANGFOR IAM support for LDAP, RADIUS, POP3, database, H3C
CAMS, H3C IMC and other external authentication).
Authentication Introduction
3. SSO
SSO indicates that if the network already deploys the authentication system, the IAM
device will combine the authentication system to identify the user corresponding to a
certain IP address, so that when the user connects to the Internet, it will not be required to
type the username/password again.
- Proxy SSO
- POP3 SSO
- Web SSO
Authentication Introduction
4. DKey Authentication
The users adopting DKey authentication need submit the user information saved in
DKey to IAM device, which will then identify the user according to the DKey
authentication information. Among the four authentications, the DKey authentication
has the highest priority. If you insert the DKey into a computer that is already
authenticated using other method, the identity of the computer will be changed into
DKey user with the corresponding privileges.
There are two types of DKey: One is authentication DKey; the other is audit-free
DKey. The audit-free DKey has not only the authentication function, but also the
privilege to be exempt from being audited by the IAM device, which means the IAM
device will not monitor nor record the behaviors of the audit-free DKey user.
Authentication Introduction
Indicates whether to enable password policy to enhance the security of the user
password. After enabling it, you can then check relevant options to impose requirements
on the password, such as:
User/PolicyUser AuthenticationAuthentication
OptionsOther Options
Password Policy
Cilent change password
Force client to Change
password after the initial
authentication
Background: User import or adding a large number but the
initial password is the same, it's dangerous.
Attention
Advice
2.Why we should enable SNMP when customer want to bind ip/mac over
layer 3 core switch