| Table of Contents |
|---|
Purpose
State the different authentication methods available for OMK applications
Authentication Methods
OMK authentication methods are configured in
Purpose
State the different authentication methods available for OMK applications.
Authentication Methods
OMK authentication methods are configured in /usr/local/omk/conf/opCommon.nmis inside the authentication hash. This entire file is a PERL hash, so be mindful of the syntax. After editing this file, a 'perl -c opCommon.nmis' will verify if the syntax is correct. For authentication method changes to take effect, the omkd service will need to be restarted.
The supported authentication methods are:
htpasswd
NMIS will use the users defined in the NMIS Users file, by default /usr/local/omknmis9/conf/opCommon.nmis inside the authentication hash. This entire file is a PERL hash, so be mindful of the syntax. After editing this file, a 'perl -c opCommon.nmis' will verify if the syntax is correct. For authentication method changes to take effect, the omkd service will need to be restarted.
The supported authentication methods are:
htpasswd
This is used by NMIS as the default authentication method.
...
users.dat
The file is in the format created by the Apache htpasswd program.
htpasswd is the default authentication method for NMIS.
_file_verify($self->{config}->{auth_htpasswd_file}, $u,$p, $self->{config}->{auth_htpasswd_encrypt}
_file_verify($self->{config}->{auth_htpasswd_file}, $u,$p, $self->{config}->{auth_htpasswd_encrypt}
| Key | Description | Example | Comment |
|---|---|---|---|
| auth_htpasswd_file | Location of the password file | ||
| auth_htpasswd_encrypt | plain text passwords are checked ONLY if encmode is 0 or 'plaintext' |
ldap
The Opmantek products will use the configured LDAP server to perform authentication.
Following are the configuration items in opCommon.json:
| Key | Description | Example | Comment |
|---|---|---|---|
| auth_ldap_privs | User's local privileges | 0/1 | By default, set to 0. To enable the feature, set the value to 1. |
| auth_ldap_server | LDAP Server Name | host[:port] | No defaults. Entry must be created. |
auth_ldap_acc | Account Name | The LDAP account name to search for. The entry must be created. | |
auth_ldap_psw | Account Password | The password associated with the above LDAP account. The entry must be created. | |
| auth_ldap_context | Base Context | ou=people,dc=opmantek,dc=com | Base context to attempt to bind to. |
auth_ldap_attr | LDAP Attributes | The LDAP attribute(s) to match to username. Can be blank; if so, it defaults to ('uid', 54.85'cn') |
...
ldaps
The Opmantek products will use the configured LDAP (Secure) server to perform authentication.
Following are the configuration items in opCommon.json:
| Key | Description | Example | Comment |
|---|---|---|---|
| auth_ldap_privs | User's local privileges | 0/1 | By default, set to 0. To enable the feature, set the value to 1. |
| auth_ldaps_server | LDAPS Server Name | host[:port] | No defaults. Entry must be created. |
auth_ldap_acc | Account Name | The LDAP account name to search for. Entry must be created | |
auth_ldap_psw | Account Password | The password associated with the above LDAP account. The entry must be created. | |
| auth_ldap_context | Base Context | ou=people,dc=opmantek,dc=com | Base context to attempt to bind to. |
auth_ldap_attr | LDAP Attributes | The LDAPs attribute(s) to match to username. Can be blank; if so, it defaults to ('uid', 54.85'cn') |
...
ms-
...
ldap
OMK will use the configured Microsoft Active Directory LDAP server to perform authentication.
Following are the configuration items in opCommon.json:
| Key | Description | Example | Comment |
|---|---|---|---|
| auth_ms_ldap_server | MS-LDAP Server Name | host[:port] | No defaults. Entry must be created. |
auth_ms_ldap_acc | Account Name | The MS-LDAP Distinguished Name (DN)/account to bind with | |
auth_ms_ldap_psw | Account Password | The password associated with the above MS-LDAP account. The entry must be created. | |
| auth_ms_ldap_base | Base Context | dc=corp,dc=opmantek,dc=com | Base context to search from. |
auth_ms_ldap_attr | MS-LDAP Attributes | sAMAccountName | The MS-LDAP attribute(s) to match to username. |
| auth_ms_ldap_group | Checks if the user logging in is associated with the defined group. | Sales, SNMPSIM, GPON | Must follow: CN=OMK Ops,CN=Users,DC=opmantek,DC=local |
...
ms-
...
ldaps
The Opmantex Opmantek products will use the configured Microsoft Active Directory LDAP (Secure) server to perform authentication.
Following are the configuration items in opCommon.json:
| Key | Description | Example | Comment |
|---|---|---|---|
| auth_ms_ldaps_server | MS-LDAPS Server Name | host[:port] | No defaults. Entry must be created. |
auth_ms_ldap_acc | Account Name | The MS-LDAP Distinguished Name (DN)/account to bind with | |
auth_ms_ldap_psw | Account Password | The password associated with the above MS-LDAP account. The entry must be created. | |
| auth_ms_ldap_base | Base Context | dc=corp,dc=opmantek,dc=com | Base context to search from. |
auth_ms_ldap_attr | MS-LDAP Attributes | sAMAccountName | The MS-LDAP attribute(s) to match to username. |
| auth_ms_ldap_group | Checks if the user logging in is associated with the defined group. | Sales, SNMPSIM, GPON | Must follow: CN=OMK Ops,CN=Users,DC=opmantek,DC=local |
...
tacacs
The Opmantex Opmantek products will use the configured TacacsTACACS+ server (for example, Cisco ACS).
| Key | Description | Example | Comment |
|---|---|---|---|
| auth_tacacs_server | The |
| TACACS Server Name | host:port | ||
auth_tacacs_secret | The Key | secret |
token
Multiple Authentication Methods
...