Access to the SE Manager of an MU is only possible by means of authentication using an account and password. To increase security, multi-factor authentication (MFA) can be configured for each account. In this case, when logging in to the SE Manager, after entering the account and password, a one-time password must be entered additionally in a second step. This is generated with the help of an authentication app.

For local accounts, the password stored in the /etc/shadow file is checked for authentication purposes.

A permanently specified PAM configuration (PAM = Pluggable Authentication Modules) is used for authentication purposes. The PAM configuration is used in the following cases:

• SSH login at shell level

• Login on the web interface

• Login on the desktop of the local console

Passwords are hidden during entry (they are displayed as dots) and can consequently not be read by unauthorized persons.

Each authentication is recorded in the audit logging.

If the login fails in the SE Manager, you can only log in again after a wait time of 10 seconds. This wait time protects against automated trial and error attacks.