Compatability with Authentication Systems

Question

Hi,

I'm submiting a request relating to the login process in NCM web GUI and the app, for some form of compatability with systems such as Radius and Tacacs.

If using the canned user accounts is ok for you then this probably won't apply to you. But if like me you have a lot more users than the canned accounts allow for (I have nearly 40) and each of those users has their own username and password to gain access to your network devices then the options for securely authenticating users on an idividual basis when logging in to the NCM web GUI start to dwindle.

Considering the potential speed and scale of damage that can be done by a malitious user through NCM, doesn't it seem that 'semi'  AD authentication might not be sufficiant enough to safe gaurd such a system?

Perhaps I'm the only voice on here calling for this, it would be nice to hear perspectives from others.

Regards

christineb · Answer

Hang tight guys - I think you're going to be pleased with some things that are on the road map and coming up soon.

--Christine

chrisbidwell · Answer

I would also find this beneficial. I don't have a large number of users to support like you, Ciag, but centralised authentication is definitely a high priority for us. TACACS+ (or Radius... but preferably TACACS+) integration would be ideal, though AD integration would suffice. The justification for using TACACS+ rather than AD directly would be to avoid duplication of effort with configuring access rights and so on for different users/groups. The more places where you have to set up access rights like this increases the chance you're going to forget to add or remove something for a new starter, or a leaver.

No idea how you'd achieve this, but it would be lovely to *optionally* (i.e. in addition to current options, not in replacement of) use the logged-in users' credentials for running command scripts etc. rather than the global credentials for certain devices, to make auditing more straight-forward. I say 'certain devices' because not all of the kit in our inventory supports Remote Authentication such as TACACS+ or Radius..