Tam local authentication and authorization – H3C Technologies H3C Intelligent Management Center User Manual
Page 13
4
Login methods and authentication-authorization
methods
A TAM authentication system consists of TAM, managed devices, and device users.
TAM supports authenticating and authorizing the device users who log in to devices through the
following methods:
•
Telnet.
•
Console.
•
SSH.
•
FTP.
•
TAM local authentication and authorization.
•
LDAP authentication + TAM local authorization.
To log in to a device, a device user can use the client software (that corresponds to the login mode) to
initiate a login request.
TAM local authentication and authorization
When a user attempts to log in to a device, the device sends the user account name and password to
TAM. TAM authenticates the user to allow or deny the user login. If the user is permitted to log in to the
device, TAM performs login authorization and command authorization for the user. The entire
authentication-authorization exchange process is performed over the TACACS+ protocol.
Device user information and the authorization policy assigned to the device user are saved in the TAM
local database.
shows authentication and authorization on a TAM local database. The PCs in blue represent the
PCs used by device users, and the devices in blue represent the manageable devices.