Specifications
Managing Access Server Security
23-4
Common Terminology Across Security Realms
Introduction
This section briefly defines the terms that are common to all of the security
methods that the access server supports.
Accounting Host
A security server that accepts and records accounting information from the access
server.
Authentication Host
A security server that provides authentication or authorization information to the
access server.
Default Realm
One realm in the access server can be specified to be the default realm. The only
advantage of the default realm is that, when logging in, the user can omit the
@realm-name portion of the login identification. There is no other special
meaning to be the default realm. To change the default realm name, you must first
set any current (default) realm name to be NODEFAULT. Then assign another as
DEFAULT.
Login Retries and Timeouts
The access server allows you to configure the number of times to retry contacting
a server before timing out a login attempt.You can specify the maximum number
of retries to potentially alternate authentication hosts. Hosts are tried round-robin
fashion until the login attempt times out. Each realm can point to its own list of
security hosts.
Secrets
A text string or value that ensures that the data exchanged between the access
server and the security host is valid. You must configure a secret on the access
server for RADIUS. You can also configure one for Kerberos. The secret for
SecurID will automatically be assigned by the SecurID authentication host.