Versions Compared

Old Version 32

changes.mady.by.user Keith Sinclair (Deactivated)

Saved on

compared with

New Version 33

changes.mady.by.user John Sinclair

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Purpose

State the different authentication methods available for OMK applications.

Authentication Methods

OMK authentication methods

Table of Contents

Purpose

State the different authentication methods available for OMK applications.

Authentication Methods

OMK authentication methods are configured in /usr/local/omk/conf/opCommon.nmis inside the authentication hash.  This entire file is a PERL hash, so be mindful of the syntax.  After editing this file, a 'perl -c opCommon.nmis' will verify if the syntax is correct.  For authentication method changes to take effect, the omkd service will need to be restarted. 

The supported authentication methods for OMK applications are:

htpasswd

NMIS will use the users defined in the NMIS Users file, by default /usr/local/nmis9/conf/users.dat

The file is in the format created by the Apache htpasswd program.

htpasswd is the default authentication method for NMIS.

_file_verify($self->{config}->{auth_htpasswd_file}, $u,$p, $self->{config}->{auth_htpasswd_encrypt}

_file_verify($self->{config}->{auth_htpasswd_file}, $u,$p, $self->{config}->{auth_htpasswd_encrypt}in the NMIS Users file, by default /usr/local/nmis9/conf/users.dat

The file is in the format created by the Apache htpasswd program.

htpasswd is the default authentication method for NMIS.


KeyDescriptionExampleComment
auth_htpasswd_fileLocation of the password file

auth_htpasswd_encrypt

plain text passwords are checked ONLY if encmode is 0 or 'plaintext'

ldap

The Opmantek products will use the configured LDAP server to perform authentication.

...

KeyDescriptionExampleComment
auth_ms_ldaps_server MS-LDAPS Server Namehost[:port]No defaults. Entry must be created.

auth_ms_ldap_acc

Account Name


The MS-LDAP Distinguished Name (DN)/account to bind with

auth_ms_ldap_psw

Account Password
The password associated with the above MS-LDAP account. The entry must be created.
auth_ms_ldap_base Base Contextdc=corp,dc=opmantek,dc=comBase context to search from.

auth_ms_ldap_attr

MS-LDAP AttributessAMAccountNameThe MS-LDAP attribute(s) to match to username. 
auth_ms_ldap_group Checks if the user logging in is associated with the defined group.Sales, SNMPSIM, GPON

 Must follow: CN=OMK Ops,CN=Users,DC=opmantek,DC=local


novell-ldap


apache


connectwise


crowd


openaudit


openid_connect

See OKTA OpenID authentication


radius


system


tacacs

The Opmantek products will use the configured TACACS+ server (for example, Cisco ACS).

KeyDescriptionExampleComment
auth_tacacs_server The TACACS Server Namehost:port

auth_tacacs_secret

The Key

secret


token

See Delegated Authentication


Multiple Authentication Methods

You can use up to 3 Authentication Methods for fail back. For example, if you set auth_method_1 to be LDAP and auth_method_2 to be htpasswd and login with the default NMIS credentials (and you have not changed the password), the authentication for LDAP will fail, and then authentication with the users.dat will succeed and the user will be logged in.

...