Single Login
Single Login allows a link within an HP Systems Insight Manager (HP SIM) page to establish an authenticated browser session to a managed system that supports Single Login without requiring users to re-enter their user names and passwords. However, if you are trying to establish an authenticated browser session with another instance of HP Systems Insight Manager running on another system, you must re-enter your user name and password.

Single Login links exist wherever there is a link to another system. If you browse to a managed system using any method other than the links within HP SIM, Single Login is not supported, and you are required to enter the appropriate user name and password for each managed system.

Managed systems must be set up to trust an HP SIM system before accepting a Single Login command. Trust is set up at the system by importing the HP SIM system certificate into the Trusted Management Servers List of the system. Refer to Trusted Certificates - Setting Up Trust Relationships for more information.

Managed systems must be set up to trust an HP SIM system before accepting a Single Login command. Trust is set up at the system by importing the HP SIM system certificate into the Trusted Management Systems List of the system. Refer to Trusted Certificates - Requiring Trusted Certificates for more information.
Signing In
Signing into HP Systems Insight Manager allows access to HP SIM and determines what authorizations you have in HP SIM. Browsing to HP SIM using Secure Sockets Layer (SSL) encrypts all information between the browser and HP SIM, including login credentials. SSL securely encrypts the password and helps prevent someone from capturing and replaying a valid login sequence.

The login page has three fields:
User Name. The name of the user.
Password. The password for the user name.
Domain Name. The Windows domain of the user. This field appears in Windows environments only.
After the credentials are securely received by HP SIM, HP SIM validates the account, verifies that browsing is being done from a valid IP address for that account, and authenticates the credentials against the Windows domain. Refer to HP Systems Insight Manager Technical Reference Guide - Users and Authorizations for details about accounts.

Some login failures are caused by failure in the operating system, some by failure within HP SIM. Use the operating system User Management tools to address these potential login failures:
Login credentials are not entered correctly. Passwords are case-sensitive.
The account being entered has been deleted or has been disabled or locked out.
The password for the account has expired or must be changed.
The following reasons for login failure within HP SIM can be addressed on the Users and Authorizations pages:
The account being entered is not an account for HP SIM.
You are attempting to sign in from an IP address that is not valid for the specified account.

Finally, the browser system can also be the cause of login failures:
The browser is not configured to accept cookies.
A cookie blocker is installed.
Login Authentication on Linux and HP-UX
HP SIM uses Pluggable Authentication Modules (PAM) to authenticate users who log into the Web server interface on Linux and HP-UX.

Configuring PAM on a Linux System
The administrator of a Linux CMS can customize the PAM that HP SIM uses. The file /etc/pam.d/mxpamauthrealm contains the authentication steps for the HP SIM Web server interface. The default for this file is:
auth required /lib/security/pam_unix.so
account required /lib/security/pam_unix.so
session required /lib/security/pam_unix.so
This default setup directs PAM to use the standard UNIX authentication module to authenticate users attempting to log into the HP SIM Web server interface. Standard calls from the system libraries are used to access account information usually read from /etc/passwd or /etc/shadow. The administrator of the system can adjust these requirements to conform to the security requirements of the system. For example, if the security policy on the system is time dependent and /etc/security/time.conf is configured, you could adjust mxpamauthrealm to:
auth required /lib/security/pam_unix.so
account required /lib/security/pam_unix.so
account required /lib/security/pam_time.so
session required /lib/security/pam_unix.so
Configuring PAM on an HP-UX System
Customizing PAM security on HP-UX is very similar. All of the PAM configurations are stored in /etc/pam.conf. The lines for HP SIM on HP-UX 11i are:
mxpamauthrealm auth required /usr/lib/security/libpam_unix.1
mxpamauthrealm account required /usr/lib/security/libpam_unix.1
mxpamauthrealm session required /usr/lib/security/libpam_unix.1
The lines for HP SIM on HP-UX 11i 2.0 are:
mxpamauthrealm auth required /usr/lib/security/$ISA/libpam_unix.1
mxpamauthrealm account required /usr/lib/security/$ISA/libpam_unix.1
mxpamauthrealm session required /usr/lib/security/$ISA/libpam_unix.1
If you want the HP SIM Web server login model to match what is configured for your other login methods (telnet, rlogin, login, ssh, and so on), configure the same plug-in modules that are used by these other login methods. These should be defined by the login service name in the /etc/pam.conf file or the /etc/pam.d/login file.
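One way to check that the mxpamauthrealm stack matches the login service, as an added example that is not part of the HP SIM documentation or tooling: it parses both the /etc/pam.d layout and the /etc/pam.conf layout and lists rules the login stack enforces that the HP SIM stack lacks. The function names and the login sample contents are assumptions made for illustration.

```python
import os
import re

# type, control (one word or the "[...]" form), module path
RULE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")
TYPES = {"auth", "account", "session", "password"}

def parse_stack(text, service=None):
    """Return [(type, control, module_basename)]; include directives are not followed.
    service=None reads the /etc/pam.d/<service> layout; service="name" reads the
    /etc/pam.conf layout and keeps only that service's lines."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if service is not None:
            parts = line.split(None, 1)
            if len(parts) < 2 or parts[0] != service:
                continue
            line = parts[1]
        m = RULE.match(line)
        if m and m.group(1).lstrip("-") in TYPES:
            rules.append((m.group(1), m.group(2), os.path.basename(m.group(3))))
    return rules

def missing_from(sim, reference):
    """Rules the reference login stack enforces that the HP SIM stack lacks."""
    return [r for r in reference if r not in set(sim)]

# Default /etc/pam.d/mxpamauthrealm as shown on this page
SIM_DEFAULT = """\
auth required /lib/security/pam_unix.so
account required /lib/security/pam_unix.so
session required /lib/security/pam_unix.so
"""
# Constructed /etc/pam.d/login sample for a host with a time-based policy
LOGIN_SAMPLE = """\
auth     required  /lib/security/pam_unix.so
account  required  /lib/security/pam_time.so   # reads /etc/security/time.conf
account  required  /lib/security/pam_unix.so
session  required  /lib/security/pam_unix.so
"""
# /etc/pam.conf layout: first line constructed, second taken from this page
HPUX_CONF = """\
login          auth required /usr/lib/security/libpam_unix.1
mxpamauthrealm auth required /usr/lib/security/libpam_unix.1
"""

if __name__ == "__main__":
    for rule in missing_from(parse_stack(SIM_DEFAULT), parse_stack(LOGIN_SAMPLE)):
        print("login enforces, HP SIM login does not:", rule)
```

On a real CMS, read the two files from disk instead of the embedded samples; an empty result means every rule of the login service is also applied to HP SIM Web logins.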