HP (Hewlett-Packard) Digital NetRider Network Card User Manual


 
Managing Access Server Security 22-23
Managing SecurID
Introduction
The Security Dynamics ACE/Server software performs dynamic two-factor SecurID
authentication. Dynamic two-factor authentication combines something the user
knows—a memorized personal identification number (PIN)—with something the user
possesses—a randomly generated access code that changes every 60 seconds. The
second factor is the tokencode generated by the SecurID token. This combination of
PIN and tokencode represents a one-time passcode and is transmitted to the ACE/
Server software for verification.
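The check described above, sketched from the server's side as an added example (not ACE/Server code, and not the SecurID token algorithm, which this page does not describe). It assumes an HMAC-SHA256 stand-in for the tokencode, a 6-digit code, and a tolerance of one 60-second interval of clock drift; all names are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds a tokencode stays valid, as stated on the page
DIGITS = 6   # assumed tokencode length


def tokencode(seed: bytes, now: float) -> str:
    """Stand-in tokencode: HMAC-SHA256 over the 60-second interval number."""
    interval = int(now // STEP)
    mac = hmac.new(seed, struct.pack(">Q", interval), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**DIGITS:0{DIGITS}d}"


class Verifier:
    """Server-side check of PIN + tokencode for one user (hypothetical)."""

    def __init__(self, seed: bytes, pin: str, drift: int = 1):
        self.seed, self.pin, self.drift = seed, pin, drift
        self.last_interval = -1  # highest interval already accepted

    def verify(self, passcode: str, now: float) -> bool:
        # The passcode is the PIN followed by the tokencode.
        pin, code = passcode[:-DIGITS], passcode[-DIGITS:]
        pin_ok = hmac.compare_digest(pin.encode(), self.pin.encode())
        current = int(now // STEP)
        matched = None
        # Accept codes from neighbouring intervals to absorb clock drift.
        for interval in range(current - self.drift, current + self.drift + 1):
            expected = tokencode(self.seed, interval * STEP)
            if hmac.compare_digest(code.encode(), expected.encode()):
                matched = interval
        # One-time use: an interval that was already accepted is a replay.
        if not pin_ok or matched is None or matched <= self.last_interval:
            return False
        self.last_interval = matched
        return True
```

Tracking the last accepted interval is what makes the passcode one-time: a captured PIN and tokencode pair is rejected even if it is replayed inside the same 60-second window.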
The ACE/Server security environment is composed of four components. These are:
1. ACE/Server software running on a UNIX platform
2. (Optional) slave ACE/Server software running on a UNIX platform
3. Access server running DNAS V2.0 or greater
4. SecurID tokens utilized by users when they attempt to access the ACE/Server
   protected ACE/Clients
SecurID utilizes two types of hosts: master and slave. When setting up a SecurID
realm, specify the master host by using the command SET PRIMARY host-name. You
can specify the slave host using the command SET HOST host-name. Although the
access server does allow you to configure multiple slave hosts, you should not
do this.
Using the SECRET Keyword
The SECRET in the SecurID REALM is not specified by the user, but rather is filled
in the first time the realm is used to authenticate a user. After that, you can clear it by
using the NOSECRET qualifier in the CHANGE SECURID REALM command. If
you clear it or if you delete the realm and then re-create it, you must reset the client on
the authentication server side using the SecurID server administrator program.
SecurID Prompts
The default prompt for SecurID is ENTER PASSCODE>. This default is set when you
create a new realm. This is the standard SecurID prompt.
SecurID Ports
Normally, you do not need to change the SecurID master and slave SERVICE PORT.
If the default values do not match with those assigned on your hosts, then change the
values in the access server to match those on the hosts.