Manualshelf

Troubleshooting guide

ManualsBrandsRSA Security ManualsServer6.1
31323334353637383940
1: Important RSA Authentication Manager 8.1 Changes 35
RSA Authentication Manager 6.1 to 8.1 Migration Guide
Comparison of Cross-Realm Relationships and Trusted Realms
Trusted realms in version 8.1 function much like cross-realm relationships in
version 6.1. They both allow access to a network by a visiting user. You can create a
trust relationship between two realms, so that users from one realm can be
authenticated through agents in the trusted realm.
There are four main differences between cross-realm and trusted realms:
Version 8.1 realms must exchange trust packages.
In version 8.1, trust can be one-way or two-way, while in version 6.1 cross-realm
relationships are always two-way.
Version 8.1 administrators have increased control over which users can access the
trusted realm.
Version 8.1 trusted realms support authentication of RADIUS users from other
version 8.1 trusted realms, but not from version 6.1 realms. Version 6.1
cross-realm relationships do not support authentication of RADIUS users from
any version 6.1 realm or version 8.1 trusted realm.
Version 8.1 does not use the terms “home” realm or “remote” realm, only trusted
realm.
When establishing a cross-realm relationship in version 6.1, an administrator must
provide a set number of passcodes to the administrator of the opposite realm. Once the
cross-realm relationship is established and enabled, users from either realm can
authenticate in the other realm through any open agent in the realm.
In version 8.1, an administrator who wants to allow users from his realm to
authenticate to another realm (the trusted realm) must exchange credentials in a trust
package. The administrator delivers the trust package to the trusted realm, and the
administrator of the trusted realm imports the trust package into his realm.
Note: You can migrate all existing realm relationships. You can also establish realm
relationships between version 6.1 and version 8.1 realms. You must do this from the
6.1 realm, using the Database Administration application. For more information, see
the version 6.1 Help topic “Setting Up Cross-Realm Authentication.”
Version 8.1 realms can authenticate users from version 6.1 realms. However, after a
trusted version 6.1 realm is migrated into a version 8.1 deployment, the trust between
the migrated version 8.1 realm and all other version 8.1 realms is broken. As a result,
you must reestablish, or upgrade, these trust relationships. Trust between a migrated
version 8.1 realm and any remaining version 6.1 realm is maintained.