Managing SecurID

Managing SecurID

Introduction

The Security Dynamics ACE/Server software performs dynamic two-factor SecurID authentication. Dynamic two-factor authentication combines something the user knows—a memorized personal identification number (PIN)—with something the user possesses—a randomly generated access code that changes every 60 seconds. The second factor is the tokencode generated by the SecurID token. This combination of PIN and tokencode represents a one-time passcode and is transmitted to the ACE/ Server software for verification.

The ACE/Server security environment is composed of four components. These are:

1ACE/Server software running on a UNIX platform

2(Optional) slave ACE/Server software running on a UNIX platform

3Access server running DNAS V2.0 or greater

4SecurID tokens utilized by users when they attempt to access the ACE/Server protected ACE/Clients

SecurID utilizes two types of hosts: master and slave. When setting up a SecurID realm, specify the master host by using the command SET PRIMARY host-name.You can specify the slave host using the command SET HOST host-name. Although the access server does allow you to configure multiple slave hosts, you should not do this.

Using the SECRET Keyword

The SECRET in the SecurID REALM is not specified by the user, but rather is filled in the first time the realm is used to authenticate a user. After that, you can clear it by using the NOSECRET qualifier in the CHANGE SECURID REALM command. If you clear it or if you delete the realm and then re-create it, you must reset the client on the authentication server side using the SecurID server administrator program.

SecurID Prompts

The default prompt for SecurID is ENTER PASSCODE>. This default is set when you create a new realm. This is the standard SecurID prompt.

SecurID Ports

Normally, you do not need to change the SecurID master and slave SERVICE PORT. If the default values do not match with those assigned on your hosts, then change the values in the access server to match those on the hosts.

Managing Access Server Security 22-23

Page 469
Image 469
HP NetRider manual Managing SecurID, Using the Secret Keyword, SecurID Prompts, SecurID Ports