...
State the different authentication methods available for OMK applications.
Authentication Methods
OMK authentication methods are configured in /usr/local/omk/conf/opCommon.nmis, inside the authentication hash. The entire file is a Perl hash, so be mindful of the syntax. After editing the file, run 'perl -c opCommon.nmis' to verify that the syntax is correct. For authentication method changes to take effect, the omkd service must be restarted.
The supported authentication methods are:
htpasswd
This is used by NMIS as the default authentication method.
...
NMIS will use the users defined in the NMIS Users file, by default /usr/local/nmis9/conf/users.dat
The file is in the format created by the Apache htpasswd program.
htpasswd is the default authentication method for NMIS.
_file_verify($self->{config}->{auth_htpasswd_file}, $u, $p, $self->{config}->{auth_htpasswd_encrypt})
Key | Description | Example | Comment |
---|---|---|---|
auth_htpasswd_file | Location of the password file | | |
auth_htpasswd_encrypt | Plain-text passwords are checked ONLY if encmode is 0 or 'plaintext' | | |
ldap
The Opmantek products will use the configured LDAP server to perform authentication.
Following are the configuration items in opCommon.json:
Key | Description | Example | Comment |
---|---|---|---|
auth_ldap_privs | User's local privileges | 0/1 | By default, set to 0. To enable the feature, set the value to 1. |
auth_ldap_server | LDAP Server Name | host[:port] | No defaults. Entry must be created. |
auth_ldap_acc | Account Name | The LDAP account name to search for. The entry must be created. | |
auth_ldap_psw | Account Password | The password associated with the above LDAP account. The entry must be created. | |
auth_ldap_context | Base Context | ou=people,dc=opmantek,dc=com | Base context to attempt to bind to. |
auth_ldap_attr | LDAP Attributes | The LDAP attribute(s) to match to username. Can be blank; if so, it defaults to ('uid', 'cn') | |
...
ldaps
The Opmantek products will use the configured LDAP (Secure) server to perform authentication.
Following are the configuration items in opCommon.json:
Key | Description | Example | Comment |
---|---|---|---|
auth_ldap_privs | User's local privileges | 0/1 | By default, set to 0. To enable the feature, set the value to 1. |
auth_ldaps_server | LDAPS Server Name | host[:port] | No defaults. Entry must be created. |
auth_ldap_acc | Account Name | The LDAP account name to search for. The entry must be created. | |
auth_ldap_psw | Account Password | The password associated with the above LDAP account. The entry must be created. | |
auth_ldap_context | Base Context | ou=people,dc=opmantek,dc=com | Base context to attempt to bind to. |
auth_ldap_attr | LDAP Attributes | The LDAPS attribute(s) to match to username. Can be blank; if so, it defaults to ('uid', 'cn') | |
...
ms-ldap
OMK will use the configured Microsoft Active Directory LDAP server to perform authentication.
Following are the configuration items in opCommon.json:
Key | Description | Example | Comment |
---|---|---|---|
auth_ms_ldap_server | MS-LDAP Server Name | host[:port] | No defaults. Entry must be created. |
auth_ms_ldap_acc | Account Name | The MS-LDAP Distinguished Name (DN)/account to bind with | |
auth_ms_ldap_psw | Account Password | The password associated with the above MS-LDAP account. The entry must be created. | |
auth_ms_ldap_base | Base Context | dc=corp,dc=opmantek,dc=com | Base context to search from. |
auth_ms_ldap_attr | MS-LDAP Attributes | sAMAccountName | The MS-LDAP attribute(s) to match to username. |
auth_ms_ldap_group | Checks if the user logging in is associated with the defined group. | Sales, SNMPSIM, GPON | Must follow: CN=OMK Ops,CN=Users,DC=opmantek,DC=local |
...
ms-ldaps
The Opmantek products will use the configured Microsoft Active Directory LDAP (Secure) server to perform authentication.
Following are the configuration items in opCommon.json:
Key | Description | Example | Comment |
---|---|---|---|
auth_ms_ldaps_server | MS-LDAPS Server Name | host[:port] | No defaults. Entry must be created. |
auth_ms_ldap_acc | Account Name | The MS-LDAP Distinguished Name (DN)/account to bind with | |
auth_ms_ldap_psw | Account Password | The password associated with the above MS-LDAP account. The entry must be created. | |
auth_ms_ldap_base | Base Context | dc=corp,dc=opmantek,dc=com | Base context to search from. |
auth_ms_ldap_attr | MS-LDAP Attributes | sAMAccountName | The MS-LDAP attribute(s) to match to username. |
auth_ms_ldap_group | Checks if the user logging in is associated with the defined group. | Sales, SNMPSIM, GPON | Must follow: CN=OMK Ops,CN=Users,DC=opmantek,DC=local |
...
tacacs
The Opmantek products will use the configured TACACS+ server (for example, Cisco ACS).
Key | Description | Example | Comment |
---|---|---|---|
auth_tacacs_server | The TACACS Server Name | host:port | |
auth_tacacs_secret | The Key | secret | |
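An added example, not part of the OMK documentation or Opmantek's code: a small audit of the authentication hash that uses only the keys listed in the tables above. It assumes the JSON form of the config with a top-level authentication key; the function names and the sample values are constructed for illustration.

```python
import json
import os
import stat

# Keys come from the tables on this page; the checks are an added illustration.
SECRET_KEYS = ("auth_ldap_psw", "auth_ms_ldap_psw", "auth_tacacs_secret")
PLAIN_TO_SECURE = {"auth_ldap_server": "auth_ldaps_server",
                   "auth_ms_ldap_server": "auth_ms_ldaps_server"}

def audit_auth(auth, file_mode=None):
    """Return a list of (key, finding) tuples for an authentication hash."""
    findings = []
    # Per the page: plain-text passwords are checked only if encmode is 0 or 'plaintext'.
    if str(auth.get("auth_htpasswd_encrypt", "")).lower() in ("0", "plaintext"):
        findings.append(("auth_htpasswd_encrypt", "users file holds plain-text passwords"))
    # A non-secure LDAP server key is set while its secure (ldaps) variant is empty.
    for plain, secure in PLAIN_TO_SECURE.items():
        if auth.get(plain) and not auth.get(secure):
            findings.append((plain, f"non-secure LDAP method configured; {secure} is unset"))
    # Bind passwords and the TACACS+ key are stored in this file, so its mode matters.
    stored = [k for k in SECRET_KEYS if auth.get(k)]
    if stored and file_mode is not None and file_mode & stat.S_IROTH:
        findings.append((",".join(stored), f"secrets in a world-readable file (mode {file_mode:o})"))
    return findings

def audit_file(path):
    """Audit a JSON config file; assumes a top-level 'authentication' key."""
    with open(path, encoding="utf-8") as fh:
        conf = json.load(fh)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return audit_auth(conf.get("authentication", {}), mode)

# Constructed sample values, not taken from a real deployment.
SAMPLE = {
    "auth_htpasswd_file": "/usr/local/nmis9/conf/users.dat",
    "auth_htpasswd_encrypt": "plaintext",
    "auth_ldap_server": "ldap.example.com:389",
    "auth_ldap_acc": "cn=binduser,ou=people,dc=example,dc=com",
    "auth_ldap_psw": "constructed-password",
    "auth_ms_ldaps_server": "ad.example.com:636",
    "auth_tacacs_secret": "constructed-key",
}

if __name__ == "__main__":
    for key, msg in audit_auth(SAMPLE, 0o644):
        print(f"{key}: {msg}")
```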
token
Multiple Authentication Methods
...