XYGATE User Authentication Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series

261

262

263

264

265

266

267

268

269

270

XYGATE

User Authentication

™

(XUA) 1.85 Reference Manual

Appendix A: The UACONF File

XYPRO Technology Corporation 242 Proprietary and Confidential

A66: RSA_AUTHENTICATE

The RSA_AUTHENTICATE keyword value determines if the authentication request will

be sent to the RSA server and in what manner.

Syntax:

RSA_AUTHENTICATE {ON | OFF | OPTIONAL}

ON – Users will be authenticated via RSA SecurID technology. If the RSA server is not

available for communication with XUA for any reason, the logon request will be denied.

Note: The userid’s status on the NonStop server will be evaluated by Safeguard in

addition to the RSA PASSCODE verification. For example, if the RSA server

verifies the validity of the RSA user account and its PASSCODE, but in

Safeguard’s record the userid is expired, the logon request will be denied in this

case. The frozen status of the NonStop userid may be circumvented by the

FROZEN_OK keyword in either the UACONF or UAACL files.

OFF – If both the UACONF and UAACL files have this keyword set to OFF, users will

only be authenticated by Safeguard, and not RSA. If the keyword is present in both

files and the values are different, the value in the UAACL takes precedence.

When running the XUA_RSA_INSTALL macro as the initial step in configuring the

RSA interface, the answer to the prompt “Do you want to use RSA authentication for

all NonStop users?” will create an entry in the UACONF file. This entry can be

changed at any time by editing the UACONF file.

OPTIONAL – If communication with the RSA server is successful, the RSA-controlled

PASSCODE verification is invoked as if the value was ON. But if the RSA server is

unavailable, the authentication (PASSCODE verification) is diverted to Safeguard

instead of denied, as it would be with the ON setting. The setting of OPTIONAL may

be beneficial if implemented in the UAACL file for a specific group of users who would

require RSA authentication yet need access to the NonStop server, even if the RSA

server is down. The users must maintain and remember their NonStop passwords for

such cases.

An identical value in the UAACL file overrules the value in the UACONF file for the

specified set of users.

Example: How to Require authentication via RSA

RSA_AUTHENTICATE ON

The value of this keyword created by the XUA_RSA_INSTALL macro can be changed

by editing the UACONF file after the macro run is completed.