Overview of external user authentication
External user authentication means that authentication services are provided by an authentication server outside of the SMC.
You can use the following kinds of external authentication services:
- Authentication services that support the RADIUS or TACACS+ protocol, such as RSA Authentication Manager or the NPS (Network Policy Server) of a Windows (Active Directory) server.
- LDAP authentication for simple password authentication against the LDAP database on the external directory server where user accounts are stored.
The authentication process works as follows:
1. The user opens an authentication connection to the engine.
2. The engine queries the directory server to check if the user exists and which authentication method the user should use.
3. The engine prompts the user to authenticate, then the user enters the credentials required for the authentication method.
4. The engine relays the user credentials to one of the following components depending on the authentication method:
   - For RADIUS or TACACS+ authentication methods, the engine relays the user credentials to the external authentication server.
   - For LDAP authentication, the engine relays the user credentials to the directory server.
5. Depending on the authentication method, one of the following components verifies the user credentials and responds to the engine whether authentication succeeds or fails:
   - For RADIUS or TACACS+ authentication methods, the external authentication server verifies the user credentials.
   - For LDAP authentication, the directory server verifies the user credentials.
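
The steps above as a small Python model, added here as an illustration and not code from the SMC or the engine. The class and function names, the sample accounts and the stub verifiers are constructed, and treating a missing response from the verifying component as a failed authentication is an assumption of the model.

```python
from typing import Callable, Dict, Optional

# Verifier: (username, credentials) -> True/False; raises if it cannot answer.
Verifier = Callable[[str, str], bool]


class Engine:
    """Model of the engine: it relays credentials and never checks them itself."""

    def __init__(self, directory: Dict[str, str],
                 auth_servers: Dict[str, Verifier], ldap_bind: Verifier):
        self.directory = directory        # username -> authentication method
        self.auth_servers = auth_servers  # "RADIUS"/"TACACS+" -> external server
        self.ldap_bind = ldap_bind        # password check done by the directory

    def authenticate(self, username: str, prompt: Callable[[str], str]) -> bool:
        # Step 2: ask the directory whether the user exists and which method applies.
        method: Optional[str] = self.directory.get(username)
        if method is None:
            return False
        # Step 3: prompt for the credentials that method requires.
        credentials = prompt(method)
        # Step 4: choose where to relay: directory for LDAP, else the external server.
        verifier = self.ldap_bind if method == "LDAP" else self.auth_servers.get(method)
        if verifier is None:
            return False  # the method has no server configured
        # Step 5: the remote component decides; no answer counts as failure (assumption).
        try:
            return verifier(username, credentials) is True
        except (TimeoutError, ConnectionError):
            return False


def build_demo_engine() -> Engine:
    """Constructed sample accounts and stub verifiers, for illustration only."""
    def radius(user: str, cred: str) -> bool:
        return (user, cred) == ("alice", "otp-123456")

    def ldap(user: str, cred: str) -> bool:
        return (user, cred) == ("bob", "example-password")

    def tacacs_down(user: str, cred: str) -> bool:
        raise TimeoutError("no response from TACACS+ server")

    directory = {"alice": "RADIUS", "bob": "LDAP", "carol": "TACACS+", "dave": "unconfigured"}
    return Engine(directory, {"RADIUS": radius, "TACACS+": tacacs_down}, ldap)
```

In the model, the directory entry alone decides which component sees the credentials, so a wrong or missing method assignment on a user account changes where the password or token is sent.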