52 DOMINION KSX USER M ANUALRemote Authentication:Users, Groups, and Access PermissionsOverviewDominion KSX keeps an internal list of user and group names to determine access authorizationand permissions. This information is stored internally in a hashed / encrypted format.Note to CommandCenter UsersIf you plan to configure Dominion KSX to be integrated with and controlled by Raritan’sCommandCenter management appliance, this section of the User Manual does not apply to you.When an Dominion KSX unit is controlled by CommandCenter, CommandCenter determines theallowed users and groups. Please refer to your CommandCenter User Guide.Note to Raritan Customers Upgrading from Previous Firmware VersionsIf you previously configured Raritan products such as Dominion KSX and Dominion KSXrunning legacy firmware versions earlier than v3.2, read this entire section carefully. Beginningwith firmware version v3.2 and above, the implementation of users and groups has changedsignificantly to provide more flexible and powerful configurations.Relationship between Users and Group EntriesDominion KSX organizes all users into groups. Assigning users to groups allows you to managepermissions for all users in a given group at once, instead of managing permissions on a user-by-user basis.• User information is used to determine user authentication (i.e., is a given user allowed toaccess Dominion KSX at all?)• Group information is used to determine authorization for all users in a given group (i.e., towhich ports on Dominion KSX do the users in a group have access rights?)You may choose not to associate specific users with groups. In this case, Dominion KSXclassifies the user as “Individual.”Mandatory User GroupsEvery Dominion KSX has three default user groups. These groups cannot be deleted:ADMIN User group for original, factory-default administrative user.NONE Permissions defined for this group are employed for a user when yourDominion KSX is configured for remote authentication via LDAP or RADIUS(see next section), and a login attempt is successful but no user group is returnedby the remote authentication server.UNKNOWN Permissions defined for this group are employed for a user when yourDominion KSX is configured for remote authentication via LDAP or RADIUS(see next section), and a login attempt is successful but the user group returnedby the remote authentication server is not found in Dominion KSX.