Setting CLI User Authentication Types

CLI users can be authenticated through one of the following authentication types: internal, RADIUS, or LDAP. Internal authentication is always supported, and the event broker always first attempts to authenticate a user using internal authentication. However, if a user does not exist in the internal database, the event broker checks if either RADIUS or LDAP authentication is configured (only one of the two can be configured for the event broker). If it is, the event broker then attempts to authenticate the user using RADIUS or LDAP.

To set the type of authentication mechanism to use for CLI users, enter the following commands:

solace(configure)# authentication 
solace(configure/authentication)# user-class cli
solace(configure/authentication/user-class)# auth-type {radius <radius-profile> | ldap <ldap-profile> | internal}

Where:

auth-type is the authentication mechanism to use for CLI users:

  • radius specifies to authenticate CLI users through provisioned external RADIUS servers. This is the default authentication type. <radius-profile> is the name of a configured RADIUS profile (refer to Configuring RADIUS Profiles).
  • ldap specifies to authenticate CLI users through provisioned external LDAP servers. <ldap-profile> is the name of a configured LDAP profile (refer to Configuring LDAP Authentication).
  • internal specifies to authenticate CLI users through the internal Solace PubSub+ event broker database.