3.7. AuthenticationProfile

Home Prev	cOS Stream 4.00.03 CLI Reference Guide	Next

Description

The Authentication Profile specifies from where users are allowed to authenticate to the system, and how.

Properties

Index: The index of the object, starting at 1. (Identifier)
Name: Specifies a symbolic name for the profile. (Identifier)
AgentType: Type of authentication agent. (Default: Basic)
LocalUserDB: Local user database that will be used to authenticate users. If both LocalUserDB and a RemoteServer are specified the AuthOrder parameter specify in which order they are consulted. (Optional)
RemoteServer: Remote authentication source(s) that will be used to authenticate users. If a list of sources are provided the first in the list will be used as primary and the rest are used for failover. Note that if the system is able to use public key authentication when an SSH client connects then RADIUS authentication will not also be attempted even though it might be configured in an associated AuthenticationProfile object. (Optional)
RadiusMethod: Specifies the authentication method used for encrypting the user password. (Default: PAP)
RemoteLoadBalance: Specifies how requests to remote servers are balanced. (Default: None)
AuthOrder: Specifies if the local user database should be queried before or after the remote servers. (Default: LocalLast)
SessionTimeout: Seconds a user session may exist before it is disconnected. (Default: Disabled)
RemotePrimaryRetryInterval: Interval in seconds after primary Radius remote authentication server is retried. (Default: 60)
UseServerTimeouts: Use timeouts received from authentication source, replaces timeouts specified in the authentication profile. (Default: No)
MultipleLogins: Specifies how multiple username logins will be handled. (Default: AllowMultiple)
ReplaceIdleTime: Replace existing user if idle for more than this number of seconds. (Default: 10)
MaxMultipleSessions: Maximum number of simultaneous user sessions for the same username. (Default: 2)
BruteForceAttackPrevention: Enable/disable brute force attack prevention. (Default: Yes)
LoginAttempts: Number of login attempts before attack prevention is activated. (Default: 3)
MaxLockoutTime: Maximum time in seconds for a lockout. (Default: 40)
EAPVerification: Enable/disable EAP header verification. (Default: Yes)
AllowAllEAPTypes: Allow all EAP types. (Default: Yes)
AllowEAP_SIM: Allow EAP-SIM. (Default: Yes)
AllowEAP_AKA: Allow EAP-AKA. (Default: Yes)
AllowEAP_MD5: Allow EAP-MD5. (Default: Yes)
Comments: Text describing the current object. (Optional)