Filter
Top Products
Managing Access Server Security 22-3
Security Type Descriptions
The following occurs:
Since the set of attributes that the RADIUS authentication host sends to the access
server can be incomplete, you can set default realm authorization parameters that
provide missing values to complete the authorization set. If a parameter is missing
from both the RADIUS authorization parameters and from the realm’s default
parameters, and the parameter is defined within the port configuration information, the
port supplies the value for the parameter. This resulting set of parameters is the
“authorization” information used for this session.
SecurID
SecurID is a system of authentication from Security Dynamics Technologies, Inc.
There is no authorization information at the SecurID authentication host. Like
Kerberos, the SecurID realm provides values for realm-defined parameters.
Once the password has been accepted, its processing is analogous to the Kerberos
method. However, the resulting “authorization” parameters with SecurID, are the
combination of the realm parameters and the port configuration parameters.
User Accounts
User accounts provide a method of defining user name and password pairs, and
associated authorization parameters. User account information resides on the access
server. This is convenient method for supporting multiple administrative roles that are
fully self-contained on the access server.
Stage Description
1
The access server uses the realm name to determine the security
method to use when authenticating the login.
2
If the realm name is for a RADIUS server, the access server sends the
login information to a RADIUS authentication host.
3
Upon completing authentication successfully, the RADIUS
authentication host sends a list of authorization parameters to the
access server after authentication completes successfully. These
parameters are the intended settings for the user’s session.