User Manual

Security Database Configuration
SecurID advantages include the following:
Three items are required for authentication: the token card, PIN, and user ID.
The card's cardcode is constantly changing, thus changing the passcode that the user enters.
If someone eavesdrops on a connection attempt and obtains a passcode, the passcode will not be
useful; a new passcode will be required in a few minutes. This enhances the security of Telnet
connections.
Disadvantages include:
If the caller attempts to use CHAP for authentication, SecurID cannot be used.
Users are required to carry the token card.
SecurID cannot be used for LAN to LAN connections, as the SCS has no way to generate passcodes.
The SecurID server must be configured.
Note: SecurID authentication is case-sensitive.
The Security Dynamics SecurID system requires communication between the ACE/Server and the end-user.
For example, the user must enter a new PIN when a SecurID card is first used, and a second passcode when
locked out.
PAP does not allow for these types of messages or additional user input. Therefore, it is strongly
recommended that SecurID be run from character mode only. It is possible to use SecurID with PAP,
provided that situations like those mentioned above are either prevented or handled in text mode on the next
call.
11.4.4.1 Configuring SecurID
To log into the SCS, the user must enter a username at the username prompt, and the passcode at the
password prompt.
To specify the SecurID ACE/Server for authentication of username/passcodes, use the Set/Define
Authentication SecurID command:
Figure 11-33: Configuring the SCS to Use SecurID
Local>> DEFINE AUTHENTICATION SECURID PRECEDENCE 4
Local>> DEFINE AUTHENTICATION SECURID PRIMARY 192.0.1.50
Local>> DEFINE AUTHENTICATION SECURID SECONDARY 192.0.1.51
After SecurID is configured on the SCS, the SCS will receive further configuration information from the
ACE/Server. However, this only happens the first time that the SCS and ACE/Server communicate. If you
purge the authentication information on the SCS or change the precedence of SecurID, this learned
information will be lost. You will need to have your ACE/Server administrator reinitialize the SCS with
ACE/Server for SecurID to function properly again.