About Intel AMT > Authentication and Authorization > Access Control Lists and Realms

Access Control Lists and Realms

The Intel AMT Access Control List (ACL) manages who has access to which capabilities within the device. An ACL entry has a user ID and a list of realms to which a user has access. This access is required to use the functionality associated with a realm. In the table shown at Functionality to Realm Mapping, each interface or service is listed with its realm. A user can be granted access to one or more realms. The Class and Method to Realm mapping table shows which WS-Management CIM class methods can be executed by a user with access to a selected realm.

The single default user is named “admin” and has “PTAdministrationRealm” privileges, which includes privileges for all Intel AMT realms. The admin user can use the commands in the Security Administration interface to create additional ACL entries for additional users. As part of the setup and configuration process, create the users necessary for an ISV application, subject to the limits on the number of available ACL entries.

There are two kinds of ACL entries: Digest and Kerberos. Digest entries have a username and password for user identification. Kerberos entries have an Active Directory SID to identify a user or group of users.

See Also:

   Access Control List Management

   Integration with Active Directory

Copyright © 2006-2013, Intel Corporation. All rights reserved.