RSA Authentication Manager 6.1 Administrator’s Guide

Contact Information

See our Web sites for regional Customer Support telephone and fax numbers.

RSA Security Inc.

RSA Security Ireland Limited rsasecurity.ie

Trademarks

ACE/Agent, ACE/Server, Because Knowledge is Security, BSAFE, ClearTrust, Confidence Inspired, e-Titlement, IntelliAccess, Keon, RC2, RC4, RC5, RSA, the RSA logo, RSA Secured, the RSA Secured logo, RSA Security, SecurCare, SecurID, SecurWorld, Smart Rules, The Most Trusted Name in e-Security, Transaction Authority, and Virtual Business Units are either registered trademarks or trademarks of RSA Security Inc. in the United States and/or other countries. All other goods and/or services mentioned are trademarks of their respective companies.

License agreement

This software and the associated documentation are proprietary and confidential to RSA Security, are furnished under license, and may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright below. This software and any copies thereof may not be provided or otherwise made available to any other person.

Neither this software nor any copies thereof may be provided to or otherwise made available to any third party. No title to or ownership of the software or any intellectual property rights thereto is hereby transferred. Any unauthorized use or reproduction of this software may be subject to civil and/or criminal liability.

This software is subject to change without notice and should not be construed as a commitment by RSA Security.

Note on encryption technologies

This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption technologies, and current use, import, and export regulations should be followed when exporting this product.

Distribution

Limit distribution of this document to trusted personnel.

RSA notice

Protected by U.S. Patent #4,720,860, #4,885,778, #4,856,062, and other foreign patents.

The RC5™ Block Encryption Algorithm With Data-Dependent Rotations is protected by U.S. Patent #5,724,428 and #5,835,600.

© 2005 RSA Security Inc. All rights reserved. First printing: September 2005

Contents

Preface
  Intended Audience
  Documentation
  Getting Support and Service
  Before You Contact Customer Support

Chapter 1: Overview
  RSA SecurID Tokens and Two-Factor Authentication
  RSA SecurID Software Token
  RSA SecurID Authenticator SID800
  User Password Token
  Token Assignment Limits
  RSA SecurID Code Generation and Time Synchronization
  Maintaining Accurate System Time Settings
  Other RSA Authentication Manager Security Capabilities
  Accountability and Security Auditing
  Protection from Intruders
  Data Encryption
  Emergency Access
  RSA Authentication Manager Architecture
  RSA Authentication Manager Database
  Primary and Replica Model
  Agent Host/Authentication Manager Architecture
  Cross-Realm Model
  New Features in RSA Authentication Manager 6.1
  RSA Authentication Manager Control Panel
  Group Authentication Settings
  RSA RADIUS Server 6.1 Powered by Funk Software
  RSA Authentication Manager Licensing

Chapter 2: Using RSA Authentication Manager Administration Applications
  Administrative Roles
  Administrative Scope
  Task Lists
  Using Administrative Scope and Task Lists Together
  Important Administrative Tools
  System Design Tools
  Administrative Support Tools
  Introduction to the Database Administration Application
  Exiting the Database Administration Application
  Language Support (Windows)
  Applicable Data Fields

  Entering Japanese Characters with MS-IME97
  Hiragana and Katakana
  Entering Characters in Single-Byte Fields
  Remote Administration
  Redirecting Remote Administration Connections
  Configuring a System for Remote Administration
  Authentication of Remote Administrators
  Authentication Challenges
  Normal Logon and Passcode Challenges
  Authenticating When Your Token Is in Next Tokencode Mode
  Authenticating When Your Token Is in New PIN Mode
  Web-Based Administration with Quick Admin
  Quick Admin Architecture
  Administrative Roles in Quick Admin
  Setting Up Task Lists
  Authentication of Quick Admin Administrators
  Guidelines for Searches and Reports
  Reconfiguring Quick Admin
  Troubleshooting
  Quick Admin Next Steps

Chapter 3: Agents and Activation on Agent Hosts
  Downloading the Latest Agent for your Platform
  Creating and Modifying Agent Hosts
  Auto-Registered Agent Hosts
  Default Agent Host Settings
  Modifying Agent Host Extension Data
  Generating and Editing an Agent Configuration Record
  Setting Up Offline Authentication and Password Integration
  Specifying Offline Authentication at the System Level
  Enabling Password Integration at the System Level
  Setting Offline Authentication and Password Integration for Agents
  Enabling Remote Access Agent Hosts to Function in Protected Domains
  Supporting Web Applications in Front-End/Back-End Environments
  Enabling Emergency Access for Offline Authentication Users
  Configuring Agents to Handle Incorrect Passcodes
  Open Agent Hosts
  Specifying an Open Agent Host
  Restricting Access to Open Agent Hosts
  Automated Agent Host Registration and Updating
  Dynamic Host Configuration Protocol (DHCP) Support
  Load Balancing by Agent Hosts
  Manual Load Balancing Through the sdopts.rec File
  Setting an Overriding IP Address for an Agent Host
  Using the Client_IP Keyword

  Legacy Agent Hosts
  The Configuration Record Editor
  Editing Master and Slave Data (GUI Version)
  Editing Master and Slave Data (Command-Line Version)

Chapter 4: Realm Administration
  Cross-Realm Authentication
  Creating Records for Visiting Users Automatically
  Creating Remote User Records Manually
  Default Logins in Cross-Realm Authentication
  Some Realms Not Upgraded to RSA ACE/Server 5.0.1 or Later
  Planning for Cross-Realm Authentication
  Creating and Modifying Realms

Chapter 5: Database Maintenance (Windows)
  Maintaining Adequate Disk Space
  Reclaiming Disk Space with Database Compression
  Backing Up and Restoring RSA Authentication Manager Data
  Backing Up Data While RSA Authentication Manager Programs Are Not Running
  Backing Up Data While RSA Authentication Manager Programs Are Running
  Restoring Databases Created by the Database Backup Command
  Recovering Data From an Offline Backup or a Server
  Importing and Exporting Database Records
  Using the Database Dump and Load Utilities
  Recovery Procedures
  Determining Which Database is Most Up-To-Date
  Replacing a Replica Database
  Replacing Replica Hardware
  Replacing the Primary Database
  Nominating a Replica to Replace Primary Hardware
  Maintaining Customer-Defined Data (Extension Records)
  Managing Log Extension Data
  Running External 4GL Procedures

Chapter 6: Registering Users for Authentication
  PIN Options
  Selecting Alphanumeric or Numeric PINs
  Selecting PINs of Fixed or Varying Lengths
  Selecting User-Created or System-Generated PINs
  Tokens that Do Not Require PINs
  Creating and Modifying a User Record
  Synchronizing LDAP User Records
  The sdldapsync Utility
  Importing LDAP User Data from the Command Line
  Library Path Setting
  LDAP Map Files
