Manualshelf

XYGATE User Authentication Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series
121122123124125126127128129130
XYGATE
®
User Authentication
(XUA) 1.85 Reference Manual
Chapter 13. Configuring the RSA SecurID Interface
XYPRO Technology Corporation 101 Proprietary and Confidential
Question 4: Do you want to use RSA authentication for all NonStop users?
Decide if all users who logon to the NonStop server will be authenticated using RSA.
This question is one of the prompts that appear during the XUA_RSA_INSTALL macro
run in section 13.6 below and configures the RSA_AUTHENTICATE keyword.
The RSA_AUTHENTICATE keyword value determines if the authentication request will
be sent to RSA Authentication Manager (formerly the ACE/Server), and in what
manner. This keyword can be present in the UACONF file, the UAACL file or both. The
UACONF value will be enforced globally unless overridden by values set in individual
UAGroups in the UAACL file.
The following are the valid entries for the RSA_AUTHENTICATE keyword:
{ ON | OFF | OPTIONAL }.
ONUsers will always be authenticated by the RSA first, and then by Safeguard.
OFFUsers will only be authenticated by Safeguard, and not RSA.
OPTIONALRSA authentication is invoked as if the value is ON, but if the RSA
Authentication Manager is non-responsive, the authentication is diverted to Safeguard
instead of being denied.
If most users will be authenticated via RSA, it is best to set the RSA_AUTHENTICATE
to ON in the UACONF file. However, for privileged IDs that will not be authenticated
via RSA, create UAGroups with RSA_AUTHENTICATE set to OFF.
Question 5: Will Passwords be Required in Addition to the RSA PASSCODE?
The RSA_REQUIRE_PASSWORD keyword value determines whether or not all users,
some users, or no users will be required to enter a Guardian PASSWORD in addition
to the PASSCODE. This keyword can be present in the UACONF file, the UAACL file
or both. The UACONF value will be enforced globally unless overridden by values set
in individual UAGROUPs in the UAACL file.
The following entries are valid for the RSA_REQUIRE_PASSWORD keyword:
OFFThe users are only presented with the PASSCODE, when logging on.
ON - Users will be prompted for the NonStop password and then, if the password is
correct, the RSA prompt(s) will be presented. Validity of both is required for successful
logons.