Cacti not only has its own built-in user authentication mechanism, but can also be configured to use an LDAP or even an Active Directory server for authentication. As the authorization (access rights, permissions) is not stored on the external server, the user still has to be created within Cacti. So, how does Cacti know if a user is going to authenticate against the external server, or is using the built-in method? Cacti uses the concept of "Realms" for this. A Realm is basically the authentication method an end user uses to logon to Cacti. A user can only belong to one realm. When using the LDAP authentication method, Local users can still logon by choosing the "Local" Realm from the login dialog: ...