Authentication
Users
The Users tab allows users logged in as administrators to add new users or edit existing users and their privilege levels.
The user permissions for each Role are as follows:
| Role | Permissions |
| Admin | Full access |
| Operator | Full access, except:
- VCSA Access page read-only
- Users page inaccessible
- Administration page inaccessible |
| Viewer | - All pages read-only
- Users page inaccessible
- Administration page inaccessible |
The minimum requirements for the passwords are as follows:
8 characters;
one letter uppercase;
one letter lowercase;
one digit.
TACACS+
The TACACS+ tab allows adding one or more TACACS+ servers, and configuring the following details:
priority (sets the order in which the servers will be taken into account, if more are added, with a lower number corresponding to a higher priority);
login type (chap, login, pap);
server hostname;
port;
secret key;
timeout (waiting time for response from the TACACS+ server, can be set between 1 and 3 seconds);
privilege mapping (translates the 15 privilege levels from TACACS+ into those of the viewers, users and admins; can be configured).
RADIUS
The RADIUS tab allows adding one or more RADIUS servers, and configuring the following details:
priority (sets the order in which the servers will be taken into account, if more are added, with a lower number corresponding to a higher priority);
server hostname;
port;
secret key;
timeout (waiting time for response from the RADIUS server, can be set between 1 and 3 seconds);
privilege level mappings (allows adding one or more rules for users. These rules are integer or string type attributes, requiring a name and a value. During authentication, the system checks if a user matches the rules. If there is a match between a user and a rule, then a role is applied for the user);
Note: To add a new rule, click the [+] button. To apply the rule, click the [✔] button.
fallback role (comes into place when there isn’t a match between a user and a rule, with the ‘none’ option denying authentication access to any user).
Custom authentication configuration
vTAP Manager allows users to not only define multiple authentication methods, but also to configure how the different methods are used. Clicking the Configure Authentication button on either the Users, TACACS+, or RADIUS page allows users to see the list of available authentication methods and change their priority and activation strategy.
For each method, one of the following strategies can be selected:
Enable: The method is activated and will be used to authenticate users;
Disable: The method is not active and its configuration will be ignored;
Restrict: A restricted authentication method is activated only if all higher priority methods are failing access. In the case of RADIUS or TACACS+ methods, this means that no server is responding (or no server is programmed). If only one of the registered RADIUS/TACACS+ servers replies with a rejection, the following restricted methods will be skipped. Note that Local Users are always available, meaning that any restrict method after that will never be activated.