...

The following table lists the OMK authentication methods and the configuration options each one works with.

 


Method
Description
ldap

OMK will use the configured LDAP server to perform authentication

Config:
auth_ldap_server => 'host[:port]',
auth_ldap_attr => '', # attributes to match to username, can be blank, then defaults to ('uid','cn')
auth_ldap_context => 'ou=people,dc=opmantek,dc=com', # base of context to attempt to bind to

ldaps (secure)

OMK will use the configured LDAP server to perform authentication

Config:
auth_ldaps_server => 'host[:port]',
auth_ldap_attr => '', # attributes to match to username, can be blank, then defaults to ('uid','cn')
auth_ldap_context => 'ou=people,dc=opmantek,dc=com', # base of context to attempt to bind to

ms-ldap

OMK will use the configured Microsoft Active Directory (LDAP) server to perform authentication

Config:
auth_ms_ldap_server => 'host[:port]',
auth_ms_ldaps_server => 'host[:port]',
auth_ms_ldap_dn_acc => '', # the DN/account to bind with
auth_ms_ldap_dn_psw => 'password',
auth_ms_ldap_attr => 'sAMAccountName', # attribute to match to username
auth_ms_ldap_base => 'dc=corp,dc=opmantek,dc=com', # base to search from

ms-ldaps (secure)

OMK will use the configured Microsoft Active Directory (LDAP) server to perform authentication

Config:
auth_ms_ldaps_server => 'host[:port]',
auth_ms_ldap_dn_acc => '', # the DN/account to bind with
auth_ms_ldap_dn_psw => 'password',
auth_ms_ldap_attr => 'sAMAccountName', # attribute to match to username
auth_ms_ldap_base => 'dc=corp,dc=opmantek,dc=com', # base to search from

radius

OMK will use the configured RADIUS server (Cisco ACS or Steel Belted Radius, for example)

Config:
auth_radius_server => 'host:port',
auth_radius_secret => 'secret',

tacacs

OMK will use the configured TACACS+ server (Cisco ACS, for example)

Config:
auth_tacacs_server => 'host:port',
auth_tacacs_secret => 'secret', # Also known as the "Key"

htpasswd

OMK will use the users defined in the OMK Users file, by default /usr/local/omk/conf/users.dat. Very often /usr/local/omk/conf/users.dat is a symlink pointing to /usr/local/nmis8/conf/users.dat. The htpasswd user file may be changed by altering the auth_htpasswd_file key in the opCommon.nmis authentication hash.

token

Delegated authentication by token as described here: Delegated Authentication

Configuration of the External Authentications

...

Warning

Authentication methods are evaluated in sequence. The first method that returns a successful authentication terminates the authentication process. If a method returns an unsuccessful authentication, the process does not terminate; the next authentication method is evaluated. Consider the following scenario when provisioning authentication for OMK applications.

  1.  OMK First authentication method: LDAP
  2.  OMK Second authentication method: htpasswd
  3.  User Bob has an LDAP account and has a user in the htpasswd users file.
  4.  User Bob leaves the company.
  5.  The IT department removes Bob's LDAP account assuming he will no longer be able to access corporate systems.
  6.  Bob will still be able to access OMK applications because there is a user Bob in the htpasswd user file.
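
The scenario above, modelled as an added example (not OMK code): it reproduces the fall-through order and lists htpasswd accounts that have no matching directory account. The sample users file, the directory export, the `localadmin` exception and all function names are constructed for illustration, and the `user:hash` file layout is an assumption.

```python
# Added example: models the fall-through order from the warning and audits for
# htpasswd accounts that outlive their directory account. All data is constructed.

# Assumption: the users file holds htpasswd-style "user:hash" lines.
SAMPLE_USERS_DAT = """\
# constructed sample, not real hashes
localadmin:$apr1$constructed$0000000000000000000000
bob:$apr1$constructed$1111111111111111111111
alice:$apr1$constructed$2222222222222222222222
"""
DIRECTORY_USERS = {"alice", "carol"}  # constructed LDAP export; bob was removed
ALLOWED_LOCAL = {"localadmin"}        # local-only accounts kept on purpose


def parse_htpasswd(text):
    """Return usernames from htpasswd-style text, skipping blanks and comments."""
    users = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            users.append(line.split(":", 1)[0])
    return users


def authenticate(user, methods):
    """First method that accepts the user wins; a failure falls through.
    Only account existence is modelled here, not password checking."""
    for name, accounts in methods:
        if user.lower() in accounts:
            return name
    return None


def stale_fallback_accounts(users_dat, directory_users, allowed_local=()):
    """htpasswd accounts with no directory account and no documented exception."""
    known = {u.lower() for u in directory_users} | {u.lower() for u in allowed_local}
    return sorted(u for u in set(parse_htpasswd(users_dat)) if u.lower() not in known)


METHODS = [  # same order as the scenario: LDAP first, htpasswd second
    ("ldap", {u.lower() for u in DIRECTORY_USERS}),
    ("htpasswd", {u.lower() for u in parse_htpasswd(SAMPLE_USERS_DAT)}),
]

if __name__ == "__main__":
    print("bob authenticates via:", authenticate("bob", METHODS))
    print("stale local accounts:", stale_fallback_accounts(
        SAMPLE_USERS_DAT, DIRECTORY_USERS, ALLOWED_LOCAL))
```

Running the same comparison against the real users file and a current directory export as part of offboarding catches the leftover local account before it is used.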
