Brocade Communications Systems 53-1002745-02 Marine Radio User Manual


 
Fabric OS Administrator’s Guide 151
53-1002745-02
Remote authentication
5
Supported LDAP options
Table 16 summarizes the various LDAP options and Brocade support for each.

TABLE 16 LDAP options

| Protocol | Description | Channel type | Default port | URL | Brocade supported? |
|---|---|---|---|---|---|
| LDAPv3 | LDAP over TCP | Unsecured | 389 | ldap:// | No |
| LDAPv3 with TLS extension | LDAPv3 over TLS | Secured | 389 | ldap:// | Yes |
| LDAPv3 with TLS and Certificate | LDAPv3 over TLS channel and authenticated using a certificate | Secured | 389 | ldap:// | Yes |
| LDAPv2 with SSL [1] | LDAPv2 over SSL. Port 636 is used for SSL. Port 389 is for connecting to LDAP. | Secured | 636 and 389 | ldaps:// | No |

[1] This protocol was deprecated in 2003 when LDAPv3 was standardized.

Command options
Table 17 outlines the aaaConfig command options used to set the authentication mode.

TABLE 17 Authentication configuration options

| aaaConfig options | Description | Equivalent --radius setting (Fabric OS v5.1.0 and earlier) | Equivalent --switchdb [1] setting (Fabric OS v5.1.0 and earlier) |
|---|---|---|---|
| --authspec "local" | Default setting. Authenticates management connections against the local database only. If the password does not match or the user is not defined, the login fails. | Off | On |
| --authspec "radius" | Authenticates management connections against any RADIUS databases only. If the RADIUS service is not available or the credentials do not match, the login fails. | On | Off |
| --authspec "radius;local" | Authenticates management connections against any RADIUS databases first. If RADIUS fails for any reason, authenticates against the local user database. | not supported | not supported |
| --authspec "radius;local" --backup | Authenticates management connections against any RADIUS databases. If RADIUS fails because the service is not available, it then authenticates against the local user database. The --backup option directs the service to try the secondary authentication database only if the primary authentication database is not available. | On | On |
| --authspec "ldap" | Authenticates management connections against any LDAP databases only. If LDAP service is not available or the credentials do not match, the login fails. | n/a | n/a |
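
The difference between "radius;local" with and without --backup in Table 17 decides whether a login that RADIUS rejects can still succeed against the local database. The following is an added example, not Brocade code: a small model of the fallback rules as the table describes them. The names Outcome and authenticate, and the sample results, are assumptions made for illustration.

```python
# Added example: models the --authspec fallback rules described in Table 17.
# Outcome and authenticate are hypothetical names, not part of Fabric OS.
from enum import Enum


class Outcome(Enum):
    ACCEPT = "accept"            # service answered, credentials matched
    REJECT = "reject"            # service answered, credentials did not match
    UNAVAILABLE = "unavailable"  # service did not answer


def authenticate(authspec, backup, results):
    """Return (login_ok, databases_consulted).

    authspec: value given to --authspec, e.g. "radius;local"
    backup:   True if --backup was also given
    results:  maps database name -> Outcome that database would return
    """
    sources = authspec.split(";")
    consulted = []
    for position, source in enumerate(sources):
        outcome = results[source]
        consulted.append(source)
        if outcome is Outcome.ACCEPT:
            return True, consulted
        if position == len(sources) - 1:
            return False, consulted  # no further database to try
        # With --backup only an unavailable primary falls through to the
        # secondary; without it, any primary failure falls through.
        if backup and outcome is not Outcome.UNAVAILABLE:
            return False, consulted
    return False, consulted


if __name__ == "__main__":
    # Constructed scenario: RADIUS rejects the password, but a local
    # account with the same name still accepts it.
    stale_local = {"radius": Outcome.REJECT, "local": Outcome.ACCEPT}
    for backup in (False, True):
        ok, path = authenticate("radius;local", backup, stale_local)
        print(f"--backup={backup}: login_ok={ok}, consulted={path}")
```

Under "radius;local" without --backup, the local user database remains a second place where a password can be accepted, so local accounts need the same password and lockout policy as the RADIUS directory.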