DX1000/DX1000N/DX2000 Advanced Security Function

Chapter 3 Password Management

3.1 Configuring the Password Management

Function

The following settings are necessary:

For a description of the function, see section 1.4

● Security > Password management

Enables the password management function.

See section 2.1.

● Login

Specify operation modes, user names, and restrictions for each normal user.

See section 2.1

● Root password > Password

Set the password of the root user.

See section 2.1

● Communication (Ethernet) > Password management > KDC connection,

Certification key

Set the server information, the encryption method, etc.You can select the encryption method from AES128, AES256, and ARC4.

These menu items only appear when the password management function is enabled.

For the setting procedure, see section 1.14 in the communication manual

Note

ARC4 (ARCFOUR) is an encryption algorithm that is compatible with RC4.

1

2

3

App

Index

● Communication(Ethernet) > SNTP client

For the password management function to work, the times on the KDC server and the DX must be synchronized. Configure the DX to always synchronize itself with an

SNTP server on the network.

For the setting procedure, see section 1.8 in the communication manual

Note

The password management function will not work if there is a difference of ±5 minutes or more between the DX and the KDC server.

IM 04L41B01-05EN

3-1

3-2

3.2 Using the Password Management Function

Logging In and Out

Logging In

Log in by entering the user name and password.

1.

Press FUNC.

A window for entering the user name appears.

2.

Select or enter a user name, and press DISP/ENTER.

On the left is the DX1000 screen. On the right is the DX2000 screen.

3.

Enter the password, and press

DISP/ENTER.

The window closes, and you are logged in.

Note

Even if you enter a password, you may not be able to log in because of a network error or a problem with the settings. An error message will appear if this is the case. Perform the operation described below to log in as the root user.

1. Enter "root" for the user name, and press DISP/ENTER without entering a password.

An error message will appear, followed by a window for entering the password again.

2. Enter the root password, and press DISP/ENTER.

You can log in as the root user. The initial root user password is root123.

Logging Out

For operating instructions, see section 2.2.

IM 04L41B01-05EN

3.2 Using the Password Management Function

Signing In

When you sign in, you will be prompted for a user name and password.

For operating instructions, see section 2.3

Dealing with the "Invalid User" Status

If a user enters the wrong password and presses DISP/ENTER consecutively for the specified number of times (the password retry count), that user is invalidated. The user-locked icon appears in the status area. The user can log in again after a system administrator performs the locked-ACK operation (and the user-locked icon disappears).

For clearing the user locked icon, see section 2.2.

Note

The "Invalid user" status is only applicable on the DX being operated. The user account on the server is not invalidated.

1

2

3

App

Password Expiration Date

Manage passwords and their expiration dates on the KDC server.

Note

When preauthentication is not being used, users may be able to log in to the DX even after the password has expired.

Index

IM 04L41B01-05EN

3-3

3-4

3.3 Error Messages and Corrective Actions

Errors That Occur during Authentication

Code Message

E006 Incorrect input character string.

E085

E110

E114

E117

E764

E765

E766

E767

E768

E769

E771

E772

E773

E774

E775

The login password is incorrect.

This user name is not registered.

This user name is invalid.

This password is not effective.

Not supported by this machine.

Preauthentication failed.

The encryption type is not supported by this machine.

Failed to receive authentication from KDC server.

Change the password.

The time difference with the KDC server exceeds the limit.

The host principal is not registered.

The host principal is invalid

The host password is incorrect.

Preauthentication failed.

The realm is incorrect.

Explanation/Corrective Action

Check that the host principal, authentication key password, and realm name settings on the DX are correct.

Enter the correct password.

The specified user is not registered on the DX. The user account is not registered on the server.

The account has been invalidated on the server.

The account has been invalidated on the DX.

On the DX, because the wrong password has been entered consecutively for more than the permissible number of times, this user is invalid.

Not supported by the DX.

Enter the correct password. Also, make sure that the times on the DX and the server match.

The DX does not support the encryption type, or the encryption type settings on the DX and the server are different. Use the same encryption method on the DX and the server.

Check the DX and server settings. Also, make sure that the times on the DX and the server match.

The password has expired. Change the password of the user account that is registered on the server.

There is a time difference of 5 minutes or more between the DX and the server. Set the DX time to match the time on the server.

The host account is not registered on the server.

Check the host account that is registered on the server.

Make sure that the DX authentication-key password and the server's host-account password match.

An internal error occurred during preauthentication.

Disable the server's preauthentication function.

Make sure that the realm name setting on the DX is correct.

Errors That Occur during Communication

Code Message

E260 IP address is not set or ethernet function is not available.

E266 Ethernet cable is not connected.

E760

E761

Cannot find KDC server.

KDC server connection error.

Explanation/Corrective Action

The server address has not been specified.The Ethernet is not functioning.

Make sure that an Ethernet cable is connected.

The KDC server cannot be found in the same domain.

An error occurred while the DX was connecting to the

KDC server. Make sure that the network connection is not broken.

IM 04L41B01-05EN