...
Key | Description | Example | Comment |
---|---|---|---|
auth_htpasswd_file | Location of the password file | ||
auth_htpasswd_encrypt | Enable encrypted passwords | plain | Default is 1. Plain text passwords are checked ONLY if encmode value is 0 or 'plaintext' |
ldap
The Opmantek products will use the configured LDAP server to perform authentication.
Following are the configuration items in opCommon.json:
Key | Description | Example | Comment |
---|---|---|---|
auth_ldap_privs | User's local privileges | 0/1 | By default, set to 0. To enable the feature, set the value to 1. |
auth_ldap_server | LDAP Server Name | host[:port] | No defaults. Entry must be created. |
auth_ldap_acc | Account Name | | The LDAP account name to search for. The entry must be created. |
auth_ldap_psw | Account Password | | The password associated with the above LDAP account. The entry must be created. |
auth_ldap_context | Base Context | ou=people,dc=opmantek,dc=com | Base context to attempt to bind to. |
auth_ldap_attr | LDAP Attributes | | The LDAP attribute(s) to match to username. Can be blank; if so, it defaults to ('uid', 'cn'). |
...
Following are the configuration items in opCommon.json:
Key | Description | Example | Comment |
---|---|---|---|
auth_ldap_privs | User's local privileges | 0/1 | By default, set to 0. To enable the feature, set the value to 1. |
auth_ldaps_server | LDAPS Server Name | host[:port] | No defaults. Entry must be created. |
auth_ldap_acc | Account Name | | The LDAP account name to search for. Entry must be created. |
auth_ldap_psw | Account Password | | The password associated with the above LDAP account. The entry must be created. |
auth_ldap_context | Base Context | ou=people,dc=opmantek,dc=com | Base context to attempt to bind to. |
auth_ldap_attr | LDAP Attributes | | The LDAPS attribute(s) to match to username. Can be blank; if so, it defaults to ('uid', 'cn'). |
...
Following are the configuration items in opCommon.json:
Key | Description | Example | Comment |
---|---|---|---|
auth_ms_ldap_server | MS-LDAP Server Name | host[:port] | No defaults. Entry must be created. |
auth_ms_ldap_acc | Account Name | | The MS-LDAP Distinguished Name (DN)/account to bind with. |
auth_ms_ldap_psw | Account Password | | The password associated with the above MS-LDAP account. The entry must be created. |
auth_ms_ldap_base | Base Context | dc=corp,dc=opmantek,dc=com | Base context to search from. |
auth_ms_ldap_attr | MS-LDAP Attributes | sAMAccountName | The MS-LDAP attribute(s) to match to username. |
auth_ms_ldap_group | Checks if the user logging in is associated with the defined group. | Sales, SNMPSIM, GPON | Must follow: CN=OMK Ops,CN=Users,DC=opmantek,DC=local |
...
Following are the configuration items in opCommon.json:
Key | Description | Example | Comment |
---|---|---|---|
auth_ms_ldaps_server | MS-LDAPS Server Name | host[:port] | No defaults. Entry must be created. |
auth_ms_ldap_acc | Account Name | | The MS-LDAP Distinguished Name (DN)/account to bind with. |
auth_ms_ldap_psw | Account Password | | The password associated with the above MS-LDAP account. The entry must be created. |
auth_ms_ldap_base | Base Context | dc=corp,dc=opmantek,dc=com | Base context to search from. |
auth_ms_ldap_attr | MS-LDAP Attributes | sAMAccountName | The MS-LDAP attribute(s) to match to username. |
auth_ms_ldap_group | Checks if the user logging in is associated with the defined group. | Sales, SNMPSIM, GPON | Must follow: CN=OMK Ops,CN=Users,DC=opmantek,DC=local |
novell-ldap
-- Deprecated --
apache
The Opmantek products will use Apache to perform authentication and provide an authenticated user to Opmantek products with all the authorisation policies applied.
...
The Opmantek products will use the Atlassian Crowd authentication. Use Crowd to assign additional groups to a user and define each service that requires authentication as an application in Crowd.
Following are the configuration items in opCommon.json:
Key | Description | Example | Comment | username | User name | username | password |
---|---|---|---|---|---|---|---|
auth_crowd_server | Crowd server | ||||||
auth_crowd_user | Crowd User name | username | |||||
auth_crowd_password | Crowd Password | passwordname | remote address | remote_address | value | 127.0.0.1 |
openaudit
Other FirstWave products can use Open-AudIT to authenticate users. See reference. Open-AudIT can use Active Directory and/or OpenLDAP for user authentication and/or authorisation. Open-AudIT will query both types of LDAP servers to validate a user's username and password and retrieve the user details (roles and orgs the user has access to). The user will be automatically created when they are authenticated.
...
Following are the configuration items in opCommon.json:
Key | Description | Example | Comment |
---|---|---|---|
type | Authentication type | okta | The authentication type shall be "okta". |
url | URL for your subdomain | https://YOUR_SUBDOMAIN.okta.com/oauth2/default/v1/token | Replace only YOUR_SUBDOMAIN with your subdomain name. |
password | Password | password | The password shall remain "password", since Opmantek's internal password field is mapped to the one returned by the OKTA service. |
username | User name | username | The user name shall remain "username", since Opmantek's internal username field is mapped to the one returned by the OKTA service. |
client_id | The user's client ID | YOUR_CLIENT_ID | Enter the user's client ID. |
client_secret | The user's client secret | YOUR_CLIENT_SECRET | Enter the user's client secret. |
grant_type | | password | This grant type shall be "password". |
scope | | openid | The scope shall be "openid". |
...
Following are the configuration items in opCommon.json:
Key | Description | Example | Comment |
---|---|---|---|
auth_radius_server | The Radius Server Name | host:port | No defaults. Entry must be created. |
auth_radius_secret | Also known as the Key | secret |
...
The Opmantek products will use the configured TACACS+ server (for example, Cisco ACS).
Key | Description | Example | Comment |
---|---|---|---|
auth_tacacs_server | The TACACS Server Name | host:port | |
auth_tacacs_secret | The Key | secret |
token
The Opmantek products support a new authentication method called token, which offers delegated authentication. This enables an external party to pre-authenticate a user, who can then access the Opmantek products without having to log in with a username and password.
Key | Description | Example | Comment |
---|---|---|---|
auth_token_key | One or more shared keys | extusr-1Kf!yVXt8TrP9zi | |
auth_token_maxage | The maximum length of time a token will remain valid. Must be a positive number, and defines how long a token remains valid after creation (in seconds). | 60 | If not present, the default of 300 seconds is used. |
For more information on how to generate and log in with a token, see Delegated Authentication.
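The following check is an added example, not Opmantek or FirstWave code. It audits the auth_* keys from the tables above for documentation example secrets left in place, account or secret entries with no server entry, plain LDAP configured without its LDAPS counterpart, and an invalid auth_token_maxage. It assumes the keys have already been read out of opCommon.json into a flat mapping; the function names and the sample values are constructed for illustration.

```python
# Added example: audit the auth_* keys documented on this page.
# Assumption: cfg is a flat dict of those keys, already read out of opCommon.json.

DOC_EXAMPLES = {  # example values printed in the tables above
    "auth_token_key": "extusr-1Kf!yVXt8TrP9zi",
    "auth_radius_secret": "secret",
    "auth_tacacs_secret": "secret",
}
SERVER_FOR = {  # dependent key -> server entries, one of which must be created
    "auth_ldap_acc": ("auth_ldap_server", "auth_ldaps_server"),
    "auth_ms_ldap_acc": ("auth_ms_ldap_server", "auth_ms_ldaps_server"),
    "auth_radius_secret": ("auth_radius_server",),
}
LDAPS_FOR = {"auth_ldap_server": "auth_ldaps_server",  # plain LDAP -> LDAPS entry
             "auth_ms_ldap_server": "auth_ms_ldaps_server"}
DEFAULT_MAXAGE = 300  # seconds, used when auth_token_maxage is not present
SAMPLE = {  # constructed values, not a real deployment
    "auth_ldap_server": "ldap.example.com:389", "auth_ldap_acc": "svc-omk",
    "auth_radius_secret": "secret", "auth_token_key": ["k1"], "auth_token_maxage": "0",
}

def token_maxage(cfg):
    """Effective token lifetime in seconds, or None when the value is invalid."""
    raw = cfg.get("auth_token_maxage")
    if raw is None:
        return DEFAULT_MAXAGE
    try:
        value = float(raw)
    except (TypeError, ValueError):
        return None
    return value if value > 0 else None

def audit_auth(cfg):
    findings = []
    for key, example in DOC_EXAMPLES.items():
        values = cfg.get(key) or []
        values = [values] if isinstance(values, str) else values  # one or more keys
        if example in values:
            findings.append(f"{key}: documentation example value in use")
    for dependent, servers in SERVER_FOR.items():
        if cfg.get(dependent) and not any(cfg.get(s) for s in servers):
            findings.append(f"{dependent}: no server entry ({' or '.join(servers)})")
    for plain, ldaps in LDAPS_FOR.items():
        if cfg.get(plain) and not cfg.get(ldaps):
            findings.append(f"{plain}: plain LDAP in use, {ldaps} not configured")
    if cfg.get("auth_token_key") and token_maxage(cfg) is None:
        findings.append("auth_token_maxage: must be a positive number")
    return findings
```

Calling `audit_auth(SAMPLE)` returns one finding per problem in the constructed sample; an empty list means none of these checks fired.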
...