Specifications
Managing Access Server Security
23-24
SecurID Ports
Normally, you do not need to change the SecurID master and slave SERVICE
PORT. If the default values do not match with those assigned on your hosts, then
change the values in the access server to match those on the hosts.
SecurID Realms
SecurID servers do not provide any authorization data; therefore, any
authorization information comes from the SecurID realm or the port
characteristics.
If a SecurID card is in a new PIN mode and the new PIN is coming from the access
server, the new pin is displayed for 10 seconds and then erased.
Minimal Setup for SecurID
The minimal configuration requires the following commands to set up the remote
ports used for communication with SecurID. These features must be assigned in
order for any communication with SecurID or SecurID accounting to take place.
• The following example shows the command used to set up SecurID security:
Local> CHANGE SECURID REALM realm-name
• This command defines and initializes a new SecurID realm:
Local> CHANGE SECURID REALM JONAS.COM AUTHEN HOST ip-addr
Optional Setup for SecurID
The commands in the following example can be used to configure additional
security parameters for SecurID. The commands in these examples will define a
SecurID accounting node, define the maximum timeout period for SecurID reply,
and define the interval between retries of an authentication request.
Local> CHANGE SECURID TIMEOUT seconds
This command defines the maximum timeout for SecurID reply.
Local> CHANGE SECURID INTERVAL seconds
Local> CHANGE SECURID REALM realm-name INCLUDE
This command causes the realm name to be included as part of a user name sent
to SecurID. Realm name inclusion is used for SecurID proxy authentication
service. See the Cabletron Network Access Software Command Reference guide for
more information on this command.