Managing SecurID
Example: Including the Realm Name
If your realm name has to be included when the access server sends messages to SecurID, issue the command shown in the following example:
LOCAL> CHANGE SECURID REALM
For most usage, you will not want to include the realm name. If you do, each entry in the SecurID users file will have to appear as “
If a user has to be called back, this value is derived from
Example: Defining Realm Default Authorization Attributes
LOCAL> CHANGE SECURID REALM JONAS.COM PERMISSIONS (DIALBACK)
LOCAL> CHANGE SECURID REALM JONAS.COM CALLBACK ENABLED DIALBACK NUMBER
Example: Defining Password Authentication Type
LOCAL> CHANGE SECURID REALM JONAS.COM ACCESS FRAMED
Note
The value NONE should be read as unspecified. This allows the port configuration to determine the access whenever the SecurID realm default does not specify one or more authorization attributes.
SecurID User Authorizations
Optional authorizations can come from the SecurID user description, which is defined specifically for a particular SecurID implementation. You can also define realm defaults within the access server. The ultimate value for an authorization attribute may come from one of three sources: the SecurID user description, the realm defaults, or port characteristics, in that order of precedence. The choices for such features are:
∙ For each SecurID realm name you define, you can set various authorization attributes for that realm. These values serve as defaults at the realm level: when a SecurID user tries to log in to the access server, these values are assigned to the authorization attributes. If neither the user nor the realm default provides the attribute, the access server's port characteristics are used, if they have been previously defined.
∙ One of the legal settings of the attributes in the realm is NONE. This special value means unspecified. In this case, when a user attempts to log in, if the value is not specified in the SecurID entry for the user name and has the value NONE in the REALM, then the PORT configuration parameter assigns the corresponding value.
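The precedence described above (SecurID user entry, then realm default, then port characteristics, with NONE read as unspecified) can be modeled to see which source decides each attribute for a given user. This is an added example, not code from the access server or its documentation; the dictionary layout, function names and sample values are assumptions made for illustration.

```python
# Illustrative model only: the dictionary layout and sample values are
# constructed here and are not the access server's own data format.
UNSPECIFIED = "NONE"  # per the note above, NONE is read as "unspecified"

# Highest precedence first: SecurID user entry, realm default, port.
SOURCES = ("securid_user", "realm_default", "port")


def resolve(attribute, user_entry, realm_defaults, port_config):
    """Return (value, source) for one authorization attribute."""
    layers = (user_entry, realm_defaults, port_config)
    for source, layer in zip(SOURCES, layers):
        value = layer.get(attribute)
        if value is not None and str(value).upper() != UNSPECIFIED:
            return value, source
    return None, "undefined"  # no layer supplied a value


def effective_authorizations(attributes, user_entry, realm_defaults, port_config):
    """Resolve every attribute and record which layer decided it."""
    return {a: resolve(a, user_entry, realm_defaults, port_config)
            for a in attributes}


def decided_below_realm(effective):
    """Attributes that neither SecurID nor the realm pinned down.

    These follow whatever port the user connects through, so they are
    the ones to review when auditing a realm's defaults.
    """
    return sorted(a for a, (_, src) in effective.items()
                  if src in ("port", "undefined"))


# Constructed sample data for a realm such as JONAS.COM.
ATTRIBUTES = ("ACCESS", "PERMISSIONS", "CALLBACK")
SAMPLE_USER = {"CALLBACK": "ENABLED"}
SAMPLE_REALM = {"ACCESS": "FRAMED", "PERMISSIONS": "NONE", "CALLBACK": "NONE"}
SAMPLE_PORT = {"ACCESS": "NONE", "PERMISSIONS": "DIALBACK"}

if __name__ == "__main__":
    result = effective_authorizations(ATTRIBUTES, SAMPLE_USER, SAMPLE_REALM, SAMPLE_PORT)
    for name, (value, source) in result.items():
        print(f"{name:12} {value!s:10} from {source}")
    print("review:", decided_below_realm(result))
```

In the sample, PERMISSIONS is left as NONE at the realm level, so the port configuration decides it and the same user can receive different permissions on different ports.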
Managing Access Server Security