| RE: .0
I presume you have read the relevant section of the DNAS Management Guide
(Managing SecurID) and still have questions.
The basic DECserver configuration for SecurID is:
Local> change securid realm <foo> host <bar>
The realm name <foo> can be anything you want (within reason) and the host
name <bar> is the IP address or domain name (if DNS is also configured) of
your SecurID ACE/Server host.
If your version of the ACE/Server is using SecurID proprietary encryption,
instead of DES encryption, then you also need to specify:
Local> change securid realm <foo> encoding proprietary
The DECserver _must_ have a DNS name registered for it's IP address. The
ACE/Server requires this. The DECserver must be registered with the ACE/Server
as a client of type "comm server". The ACE/Server client entry for the
DECserver must be set to "no secret assigned" so that the ACE/Server will
assign one after the first sucessful authentication. All this info should be
in the SecurID ACE/Server management documentation.
To obtain authentication on a port, for interactive (VT) use:
Local> define port <n> authentication enable
> So on the DS900TM what do I define as the:
> realm-name?
What you choose.
> access ?
I suggest either "NONE", which means do whatever the port characteristics
indicate, or "LOCAL" which means give the user a "Local>" prompt.
> permissions ?
For interactive use (Telnet, LAT) without callback, the defaults are fine.
> what do I have to set on the ports?
See above.
Regards,
Dave
|