Reference9:PBX/Config/Security

From innovaphone wiki
There are also other versions of this article available: Reference | Reference9 (this version)

PBX password

For the operation of the innovaphone PBX, a PBX password must be allocated. This password is used for the authentication of the standby PBX, as well as for the encryption of user passwords, amongst other things:

  • Password: The PBX password.
  • Retype: You must repeat the entry of the PBX password.

After defining the password for the first time, a browser refresh is needed to activate the PBX web pages.

For slaves and standby units that have to replicate from the master, the PBX password has to be identical. See figure Media:PBX-Master-Slave_Security.PNG

Password length is limited to 15 characters.

_KADMIN_ password

_KADMIN_ is a pseudo user that can be used on devices to join the Kerberos realm of the PBX. The user is restricted to that purpose and cannot be used to log in to the web UI.

For slaves and standby units that have to replicate from the master, the _KADMIN_ password has to be identical to the master's admin password. See figure Media:PBX-Master-Slave_Security.PNG

Password length is limited to 15 characters.

Trusted realms / Cross-realm authentication

Defines trust relationships between the realm of the Kerberos server and remote realms. This means that users from one realm can be authenticated to services/hosts of the other realm. This is called cross-realm authentication. Realms that trust each other have a shared password.

Name

May contain letters, numbers and minus signs.

Password

Passwords are limited to a length of 15 characters. Remove the password to delete a trust relationship.

Authorization

Defines the mapping of the rights for users of the remote realm in the local realm.

  • keep: Works only with innovaphone realms. Users of the remote realm have the same rights in the local realm.
  • use domain group: Works only with Windows domains. You can specify a RID of a Windows group of administrators and a group of viewers in the remote domain.
  • Administrator: All users of the remote realm have administrator rights in the local realm.
  • Viewer: All users of the remote realm have viewer rights in the local realm.

Admin Group RID / Viewer Group RID

These settings are used if use domain group is selected. You can specify a RID of a Windows group of administrators and a group of viewers in the remote domain. The RID is the last part of the SID of the group. Make sure that the groups do not contain nested groups and that they are configured as Global security groups in the Windows domain.
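
One way to read the RIDs and check the group requirements above before entering them in the PBX, as an added example that is not part of the innovaphone documentation. It assumes the ActiveDirectory PowerShell module (RSAT) on a machine in the remote Windows domain; the group names PBX-Admins and PBX-Viewers and the function name Test-PbxTrustGroup are hypothetical.

```powershell
# Added example: pre-check Windows groups before entering their RIDs in the PBX.
# Requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

# Assumption: placeholder sAMAccountNames; replace with the groups in your domain.
$groups = @{
    'Admin Group RID'  = 'PBX-Admins'
    'Viewer Group RID' = 'PBX-Viewers'
}

function Test-PbxTrustGroup {
    param(
        [Parameter(Mandatory)] [string] $Field,
        [Parameter(Mandatory)] [string] $GroupName
    )

    $group = Get-ADGroup -Identity $GroupName -ErrorAction Stop

    # The RID is the last dash-separated component of the SID string.
    $sid = $group.SID.Value
    $rid = $sid.Substring($sid.LastIndexOf('-') + 1)

    # Direct members that are themselves groups are nested groups.
    $nested = @(Get-ADGroupMember -Identity $group |
        Where-Object { $_.objectClass -eq 'group' })

    $problems = @()
    if ($group.GroupScope -ne 'Global')      { $problems += "scope is $($group.GroupScope), expected Global" }
    if ($group.GroupCategory -ne 'Security') { $problems += "category is $($group.GroupCategory), expected Security" }
    if ($nested.Count -gt 0)                 { $problems += "nested groups: $($nested.Name -join ', ')" }

    # One result object per PBX field, with the RID to type in and any findings.
    [pscustomobject]@{
        Field    = $Field
        Group    = $group.Name
        SID      = $sid
        RID      = $rid
        Usable   = ($problems.Count -eq 0)
        Problems = ($problems -join '; ')
    }
}

$groups.GetEnumerator() |
    ForEach-Object { Test-PbxTrustGroup -Field $_.Key -GroupName $_.Value } |
    Format-List
```

Enter the reported RID only for groups where Usable is True; otherwise correct the group scope, category or membership in the Windows domain first.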

Hosts

This list shows all devices that have joined the realm. Click Del to delete a device from the list.