XYGATE User Authentication Reference Manual
Appendix B: The UAACL File
XYPRO Technology Corporation, Proprietary and Confidential
B44: RSA_AUTHENTICATE
The RSA_AUTHENTICATE keyword value determines if the authentication request will
be sent to the RSA server, and in what manner.
Syntax:
RSA_AUTHENTICATE {ON | OFF | OPTIONAL}
ON – Users will be authenticated via RSA SecurID technology. If the RSA server is not
available for communication with XUA for any reason, the logon request will be denied.
OFF – If both the UACONF and UAACL have this keyword set to OFF, users will only
be authenticated by Safeguard, and not RSA. If the keyword is present in both files,
and the values are different, the value in the UAACL wins.
When running the XUA_RSA_INSTALL macro as the initial step in configuring the
RSA interface, the answer to the prompt "Do you want to use RSA authentication for
all NonStop users?" will create an entry in the UACONF file. This entry can be
changed at any time by directly editing the LDAP_AUTHENTICATE keyword in the
UACONF file.
OPTIONAL – If communication with the RSA server is successful, the RSA-controlled
PASSCODE verification is invoked as if the value were ON. If the RSA server is
unavailable, however, the authentication (PASSCODE verification) is diverted to
Safeguard instead of being denied, as it would be with the ON setting. The OPTIONAL
setting may be beneficial when implemented in the UAACL for a specific group of users
who require RSA authentication, yet need access to the NonStop server even if the RSA
server is down. The users’ NonStop passwords must be maintained and remembered
for such cases.
If present in a UAGroup, this keyword’s value overrides the one in the UACONF file.
If this keyword is omitted, the value in the UACONF file is used.
Example – How to specify users who should be authenticated via RSA:
UAGROUP OPERATORS
Description "All operators authenticated with RSA SecurID"
RSA_AUTHENTICATE ON
!Selection Criteria:
FROM_USER $EVERYONE
TO_USER $OPERATORS
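
The following audit sketch is an added example, not XYPRO code. It resolves the effective RSA_AUTHENTICATE value for each UAGroup (the UAACL value wins, otherwise the UACONF value applies) and reports which groups are denied and which fall back to Safeguard passwords when the RSA server is unreachable. The line-oriented file layout and the "!" comment marker are assumptions taken from the sample above; the BREAKGLASS and BATCH groups, $ADMINS and $BATCH are constructed.

```python
# Added example; file layout assumed from the UAGROUP sample on this page.
VALID = {"ON", "OFF", "OPTIONAL"}

def keyword_lines(text):
    """Yield (KEYWORD, rest); blank lines and '!' lines are skipped (assumption)."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("!"):
            parts = line.split(None, 1) + [""]
            yield parts[0].upper(), parts[1].strip()

def rsa_values(text):
    """Return (file-level value, {group: value or None}) for RSA_AUTHENTICATE."""
    top, groups, current = None, {}, None
    for kw, rest in keyword_lines(text):
        if kw == "UAGROUP":
            current = rest
            groups[current] = None
        elif kw == "RSA_AUTHENTICATE" and rest.upper() in VALID:
            if current is None:
                top = rest.upper()
            else:
                groups[current] = rest.upper()
    return top, groups

def outcome(setting, rsa_up):
    """Result of a logon under the ON / OFF / OPTIONAL rules described above."""
    if setting not in VALID:
        return "UNDEFINED"  # keyword in neither file: the page states no default
    if setting == "OFF" or (setting == "OPTIONAL" and not rsa_up):
        return "SAFEGUARD"
    return "RSA" if rsa_up else "DENY"

def audit(uaconf_text, uaacl_text):
    """Map group -> (effective value, result RSA up, result RSA down)."""
    default, _ = rsa_values(uaconf_text)
    _, groups = rsa_values(uaacl_text)
    report = {}
    for group, own in groups.items():
        eff = own or default  # the UAACL value wins; otherwise UACONF applies
        report[group] = (eff, outcome(eff, True), outcome(eff, False))
    return report

# Constructed sample files; BREAKGLASS, BATCH, $ADMINS and $BATCH are hypothetical.
UACONF = "RSA_AUTHENTICATE OFF\n"
UAACL = ("UAGROUP OPERATORS\nRSA_AUTHENTICATE ON\n!Selection Criteria:\n"
         "TO_USER $OPERATORS\nUAGROUP BREAKGLASS\nRSA_AUTHENTICATE OPTIONAL\n"
         "TO_USER $ADMINS\nUAGROUP BATCH\nTO_USER $BATCH\n")
if __name__ == "__main__":
    print(audit(UACONF, UAACL))
```

Groups whose last column reads SAFEGUARD are the ones whose NonStop passwords remain a live logon path during an RSA outage.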