Remote Authentication Services and Security Profiles

Oracle ILOM can be configured to use an external centralized user store rather than having to configure local users on each Oracle ILOM instance. This provides the added convenience of being able to centrally create and modify user credentials and enable users to gain access to many different systems.

Before choosing and configuring an authentication service, understand how these services work and how each needs to be configured. In addition to authentication, each of the supported services provides the ability to configure authorization rules that define how the Oracle ILOM user privileges get assigned for a given remote user. Ensure that the proper user role or privilege gets assigned.

The following table describes the user authentication services supported by Oracle ILOM.

Table 4-6 Remote Authentication Services and Security Profiles

| Service Name | Security Profile | Information |
|---|---|---|
| Active Directory | High | This service is secure by default. Using strict certification mode requires a certificate server, but adds an additional layer of security. |
| Lightweight Directory Access Protocol/Secure Socket Layer (LDAP/SSL) | High | This service is secure by default. Using strict certification mode requires a certificate server, but adds an additional layer of security. |
| Legacy LDAP | Low | Use this service on private, secure networks where there are no suspected malicious users. |
| Remote Authentication Dial In User Service (RADIUS) | Low | Use this service on private, secure networks where there are no suspected malicious users. |

Services with a high security profile can be used in very secure environments because they are secured by certificates and other forms of strong encryption to protect the channel. The services with a low security profile are disabled by default. Enable a low security profile service only if you understand and accept the limitations of this low level of security.
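The following added example, which is not from the Oracle documentation, checks captured ILOM CLI `show` output against the profiles in Table 4-6: it reports an enabled low security profile service, and an enabled high security profile service that is not using strict certification mode. The `/SP/clients/...` target paths and the `state` and `strictcertmode` property names are assumptions about the ILOM CLI namespace, and the sample output is constructed.

```python
import re
# Security profile per service, from Table 4-6. Target paths are assumed.
PROFILES = {
    "/SP/clients/activedirectory": "High",
    "/SP/clients/ldapssl": "High",
    "/SP/clients/ldap": "Low",      # Legacy LDAP
    "/SP/clients/radius": "Low",
}

# Constructed sample: concatenated `show <target>` output, not from a real SP.
SAMPLE = """\
 /SP/clients/activedirectory
    Properties:
        state = enabled
        strictcertmode = disabled
 /SP/clients/ldapssl
    Properties:
        state = disabled
        strictcertmode = disabled
 /SP/clients/ldap
    Properties:
        state = disabled
 /SP/clients/radius
    Properties:
        state = enabled
"""

def parse_show(text):
    """Return {target: {property: value}} from concatenated `show` output."""
    targets, current = {}, None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("/SP/"):
            current = targets.setdefault(s, {})
        elif current is not None and (m := re.match(r"(\w+)\s*=\s*(.*)$", s)):
            current[m.group(1)] = m.group(2).strip()
    return targets

def audit(text):
    """Return (target, issue) pairs for enabled services that need review."""
    findings = []
    for target, props in parse_show(text).items():
        if props.get("state") != "enabled":
            continue  # a disabled service exposes nothing to review
        profile = PROFILES.get(target)
        if profile == "Low":
            findings.append((target, "low security profile service is enabled"))
        elif profile == "High" and props.get("strictcertmode") != "enabled":
            findings.append((target, "strict certification mode is not enabled"))
    return findings
```

Calling `audit(SAMPLE)` returns one finding for Active Directory (strict certification mode off) and one for RADIUS (low profile service enabled).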

For remote authentication service configuration details, refer to the appropriate Oracle ILOM documentation below: