| (56 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | + | __FORCETOC__ | |
| − | ==== | + | === Maintenance === |
| − | + | In this menu, You can manage accounts that can access the imRAD management interface. It also has audit logs that are a sequence of activities. | |
| − | + | ||
| − | + | ==== Accounts ==== | |
| − | + | The Maintenance Accounts are divided into two types. | |
| − | + | The first type is "Administrator" which is a privileged user. The second type is "Operator" which is a non-privileged user which means only having READ privilege. | |
| + | |||
| + | You can create an account by clicking the "Create New Account" button at the top right of the list. | ||
| − | |||
{| class="wikitable" | {| class="wikitable" | ||
| − | ! | + | ! style='width:200px' | Item !! Required !! Description |
| + | |- | ||
| + | | Accounts Type || Yes || Choose one type. | ||
| + | |- | ||
| + | | Login ID || Yes || The multibyte or Non-ASCII characters(e.g, Korean, Japanese) are not allowed and the maximum length is 64 characters. | ||
|- | |- | ||
| − | | | + | | Login authentication Type || Yes || The imRAD supports three login authentication methods that are |
| + | * Local: The credentials are validated from the local imRAD Database. | ||
| + | * RADIUS: The credentials are validated via a remote RADIUS server. | ||
| + | * LDAP: The credentials are validated via an LDAP server. | ||
| + | {{note|Note that you must define an Authentication Entity before creating an account that is validating via either the RADIUS or LDAP.}} | ||
|- | |- | ||
| − | | | + | | Temporary Password || Yes|| Temporary Password means that the password of an account is short random text. If a user logs in with an account whose password is Temporary, The user must change its password before login. If not, he can't log in.<br> |
| − | + | You may create an account for a new user to enable to change its password before login. | |
| − | + | |- | |
| + | | Email || No || Email address of a user. | ||
| + | |- | ||
| + | | Description || No || Description of a user. | ||
|- | |- | ||
| − | |||
| − | |||
|} | |} | ||
| − | ''' | + | ===== Temporary Password ===== |
| − | + | As described in the above table, Temporary Password makes it possible to change its password before login. When a user tries to log in with an account that was set a Temporary Password, the system moves a page in which a user can change its password. | |
| − | + | ||
| − | + | All saved passwords in the local imRAD Database are not decrypted as plaintext because all passwords are encrypted by secured cryptographic hash functions (CHF).<ref>Cryptographic hash function</ref> Although a user wants to know his/her password because a user forgot it, you can't provide the password as plaintext. Instead, you can generate the Temporary Password for an account. | |
| + | |||
| + | The Temporary Password is only available for accounts whose authentication type is "LOCAL". | ||
| + | If you set The Temporary Password to an account, a user MUST change the password within 3 days. If not, the account will be locked. | ||
| + | |||
| + | ===== Lock/Unlock ===== | ||
| + | The account may change to a locked state and a user can't log in with the account. There are three types of "LOCK" states. | ||
| + | * '''auto-lock'': If a login failure exceeds the specified number of login failures, we automatically lock the account for specified minutes. In this case, we change the locked state to "auto-lock". The "auto-lock" will be unlocked after elapsing the specified minutes. The specified number of login failures and minutes are defined in the "Managemnet> Settings > Security". | ||
| + | * '''dormant-lock''': It indicates that the account was not logged in for the specified number of days that are defined in the "Managemnet> Settings > Accounts". | ||
| + | * '''lock''': it indicates that an administrator locks the account. | ||
| + | |||
| + | {{note|Note that an administrator can unlock all locked accounts from the details of an account by clicking the icon([[File:popup.png|23x]]) in front of each row on the list.}} | ||
| + | |||
| + | ==== Audit Log ==== | ||
| + | An audit log(also called audit trail) is a record of events and changes, typically regarding a sequence of activities or a specific activity<ref>https://en.wikipedia.org/wiki/Audit_trail</ref>. | ||
| + | |||
| + | Activities of all the managers(administrator and operator) users and internal events of the system are recorded as audit logs. All users can search and see all audit logs but not change or delete them.<br> | ||
| + | You can see the details of each log by clicking the icon([[File:popup.png|23x]]) in front of each row on the list. | ||
| + | |||
| + | ==== Settings ==== | ||
| + | ===== Accounts ===== | ||
| + | This setting contains the values to lock the account that were not logged in for a long time. If a manager does not log in while the specified days, the status of the account is changed to "dormant-lock". | ||
| + | |||
| + | The locked accounts are not allowed to log in before unlocking them. | ||
| + | |||
| + | ===== Security ===== | ||
| + | This setting defines the authentication and session policies to have you securely access the management interface. | ||
| + | ====== Password Policy ====== | ||
| + | * Minimum Length: The minimum length of a password. | ||
| + | * Mix of Characters: If you want a strong password, select all items. | ||
| + | * Password Aging: It makes possible to have users forcibly change his/her password periodically. | ||
| + | |||
| + | |||
| + | ====== Maintenance account Session ====== | ||
| + | If you want to allow multiple sessions of the same account from different hosts or browsers, switch on the "Allow Multiple Sessions". | ||
| + | {{note|Even if multiple sessions are not allowed, duplicate logins through multiple browsers on a single computer are permitted.}} | ||
| + | You can also configure the '''session timeout''' and the '''Lockout''' is used to prevent a brute-force attack<ref>https://en.wikipedia.org/wiki/Brute-force_attack</ref> by locking an account for a while when a user failed its login several times. | ||
| + | |||
| + | {{note|Note that the '''dashboard''' page is not affected by the Session Termination. | ||
| + | In other words, Even if the dashboard page is open for a long time without any interaction, the session never expires.}} | ||
| + | |||
| + | |||
| + | === References === | ||
Latest revision as of 18:15, 9 August 2023
Maintenance
In this menu, You can manage accounts that can access the imRAD management interface. It also has audit logs that are a sequence of activities.
Accounts
The Maintenance Accounts are divided into two types. The first type is "Administrator" which is a privileged user. The second type is "Operator" which is a non-privileged user which means only having READ privilege.
You can create an account by clicking the "Create New Account" button at the top right of the list.
| Item | Required | Description |
|---|---|---|
| Accounts Type | Yes | Choose one type. |
| Login ID | Yes | The multibyte or Non-ASCII characters(e.g, Korean, Japanese) are not allowed and the maximum length is 64 characters. |
| Login authentication Type | Yes | The imRAD supports three login authentication methods that are
Note that you must define an Authentication Entity before creating an account that is validating via either the RADIUS or LDAP. |
| Temporary Password | Yes | Temporary Password means that the password of an account is short random text. If a user logs in with an account whose password is Temporary, The user must change its password before login. If not, he can't log in. You may create an account for a new user to enable to change its password before login. |
| No | Email address of a user. | |
| Description | No | Description of a user. |
Temporary Password
As described in the above table, Temporary Password makes it possible to change its password before login. When a user tries to log in with an account that was set a Temporary Password, the system moves a page in which a user can change its password.
All saved passwords in the local imRAD Database are not decrypted as plaintext because all passwords are encrypted by secured cryptographic hash functions (CHF).[1] Although a user wants to know his/her password because a user forgot it, you can't provide the password as plaintext. Instead, you can generate the Temporary Password for an account.
The Temporary Password is only available for accounts whose authentication type is "LOCAL". If you set The Temporary Password to an account, a user MUST change the password within 3 days. If not, the account will be locked.
Lock/Unlock
The account may change to a locked state and a user can't log in with the account. There are three types of "LOCK" states.
- 'auto-lock: If a login failure exceeds the specified number of login failures, we automatically lock the account for specified minutes. In this case, we change the locked state to "auto-lock". The "auto-lock" will be unlocked after elapsing the specified minutes. The specified number of login failures and minutes are defined in the "Managemnet> Settings > Security".
- dormant-lock: It indicates that the account was not logged in for the specified number of days that are defined in the "Managemnet> Settings > Accounts".
- lock: it indicates that an administrator locks the account.
Note that an administrator can unlock all locked accounts from the details of an account by clicking the icon(
) in front of each row on the list.
Audit Log
An audit log(also called audit trail) is a record of events and changes, typically regarding a sequence of activities or a specific activity[2].
Activities of all the managers(administrator and operator) users and internal events of the system are recorded as audit logs. All users can search and see all audit logs but not change or delete them.
You can see the details of each log by clicking the icon() in front of each row on the list.
Settings
Accounts
This setting contains the values to lock the account that were not logged in for a long time. If a manager does not log in while the specified days, the status of the account is changed to "dormant-lock".
The locked accounts are not allowed to log in before unlocking them.
Security
This setting defines the authentication and session policies to have you securely access the management interface.
Password Policy
- Minimum Length: The minimum length of a password.
- Mix of Characters: If you want a strong password, select all items.
- Password Aging: It makes possible to have users forcibly change his/her password periodically.
Maintenance account Session
If you want to allow multiple sessions of the same account from different hosts or browsers, switch on the "Allow Multiple Sessions".
Even if multiple sessions are not allowed, duplicate logins through multiple browsers on a single computer are permitted.
You can also configure the session timeout and the Lockout is used to prevent a brute-force attack[3] by locking an account for a while when a user failed its login several times.
Note that the dashboard page is not affected by the Session Termination. In other words, Even if the dashboard page is open for a long time without any interaction, the session never expires.
References
- ↑ Cryptographic hash function
- ↑ https://en.wikipedia.org/wiki/Audit_trail
- ↑ https://en.wikipedia.org/wiki/Brute-force_attack