6 — SecurID Co-Authentication




This chapter provides information on deploying CAS applications, and contains the following sections:

6.1 Security Dynamics SecurID Co-Authentication Overview
6.2 Setting Up SecurID Co-Authentication
6.3 Logging into DCE Using SecurID Co-Authentication
6.4 Logging In Using SecurID Tokens

6.1 Security Dynamics SecurID Co-Authentication Overview

PC-DCE includes a co-authentication DLL that enables DCE login through Security Dynamics® SecurID Token and ACE/Server technology. If a principal's CASAUTHSVCS ERA specifies SecurID® co-authentication, the PC-DCE dce_login program automatically prompts for the SecurID passcode.

6.2 Setting Up SecurID Co-Authentication

Before principals can log into DCE using SecurID co-authentication:

  1. Install the Security Dynamics ACE/Server® on a Windows or UNIX machine in your network.

  2. Install the Security Dynamics ACE/Client® on the Gradient Security Server machine.

  3. Log into the DCE cell as administrator:

    dce_login cell_admin cell_password
    

  4. Use the Security Dynamics administration tool available in the ACE/Server admin program to create a Security Dynamics user with a token. You must also use this tool to enable the Gradient Security Server host to perform ACE/Client logins on behalf of Security Dynamics users.

  5. Create a DCE principal account with the same name as the new Security Dynamics user.

  6. Add the CASAUTHSVCS ERA to the principal you will use to log into DCE through the sample. The ERA should specify securidcass.dll. For more information, see Section 4.3 on page 18.

  7. If the user will use PC-DCE integrated login, use the ACE/Client control panel to turn off the Security Dynamics SDGINA Windows login feature.

6.3 Logging into DCE Using SecurID Co-Authentication

To log into DCE using SecurID co-authentication:

  1. Make sure PC-DCE and the ACE/Server are running.

  2. If you have integrated login configured, log into the operating system and enter your user name. A dialog box prompts you for your passcode.

    If you do not have integrated login configured, run dce_login from the command line and enter your user name. dce_login prompts you for your passcode.

  3. Enter your passcode exactly as you would for normal SecurID authentication. If you need more information on logging in using SecurID tokens, see Section 6.4. After you enter your correct PIN and passcode, the Gradient Security Server logs you into DCE.

  4. You can verify the login by running klist from the command line.

6.4 Logging In Using SecurID Tokens

Logging into a protected network using a SecurID token varies depending on your token type, as described below:

If this is your first login using your SecurID token, the screen may display an assigned PIN immediately after you enter the passcode. Record this PIN for use in subsequent logins or, if your system allows changes, enter a new PIN.

If you enter your passcode incorrectly three consecutive times followed by a correct entry, you will be prompted for a new SecurID code.




To make comments or ask for help, contact support@entegrity.com.

Copyright © 1997-2003 Entegrity Solutions Corporation & its subsidiaries