External authentication requirements using authentication server

System Administrator Guide for VSP E990 and VSP G130, G/F350, G/F370, G/F700, G/F900

Version
88-06-0x
Audience
anonymous
Part Number
MK-97HM85028-08

Authentication servers support the following protocols:

  • LDAPv3 simple bind authentication
  • RFC 2865-compliant RADIUS with PAP and CHAP authentication
  • Kerberos v5
Note: The authentication server needs to support TLS1.2 as a transfer protocol.

The following root certificate file formats to be set on Device Manager - Storage Navigator are available for LDAP server settings:

  • X509 DER format
  • X509 PEM format
    Note:

    The root certificate to be set on Storage Navigator must satisfy the following requirements:

    • The extended profile fields in the X.509 certificate support the following items as specified in RFC5280:
      • BasicConstraints
      • KeyUsage
      • SubjectKeyIdentifier

    The certificate to be set on the connected server must satisfy the following requirements:

    • The extended profile fields in the X.509 certificate support the following items as specified in RFC5280:
      • BasicConstraints
      • KeyUsage
      • SubjectKeyIdentifier
    • The public key of the server certificate must be RSA.

One of the following encryption types must be used for the Kerberos server:

Windows
  • AES128-CTS-HMAC-SHA1-96
  • RC4-HMAC
  • DES3-CBC-SHA1
  • DES-CBC-CRC
  • DES-CBC-MD5
Solaris or Linux
  • DES-CBC-MD5