The <AuthBy ACE> module performs authentication directly to an RSA
Security Authentication Manager (formerly SecurID ACE/Server). For more
information, see the RSA website. RSA Security Authentication Manager
provides a token-based one-time password system.
<AuthBy ACE> requires the Authen::ACE4 Perl module from CPAN. Compile it
for your chosen Perl distribution. For more information, see Section
2.1.2. You can also contact Radiator Software in case you need help with
your Authen::ACE4 setup.
Tip
<AuthBy ACE> works with RSA
Authentication Manager 7.1 and later. If you have AM 7.1 or later you
might consider using <AuthBy RSAAM>, since it
is more capable and more portable.
Before using this AuthBy method ensure that you have the following
things:
- Installed and configured Authentication Manager
- Purchased tokens for each user from RSA Security
- Added the users that you wish to authenticate to Authentication
Manager, and assigned each one a token
- In Authentication Manager, added an ‘Agent Host’ for each Radiator
server host you intend to operate. If Radiator will run on the same host
as Authentication Manager, make sure you add an Agent Host for that
host.
- Followed the installation instructions in goodies/ace.txt in the
Radiator distribution package
<AuthBy ACE> also works with EAP-Generic-Token-Card and
EAP-PEAP-Generic-Token-Card authentication, as well as RADIUS PAP and
TTLS-PAP.
Tip
There are more detailed installation and testing instructions in the
goodies/ace.txt file in your distribution.
Tip
An alternative to using <AuthBy ACE> is to proxy requests to the optional
RADIUS server that comes with Authentication Manager (although that RADIUS
server has many fewer features and supported platforms than Radiator).
Tip
There is an example Radiator configuration file for <AuthBy ACE> in
goodies/ace.cfg in your Radiator distribution.
Tip
<AuthBy ACE> uses the State reply item to get the RADIUS client to carry
the context from one step of authentication to the next. If you wish to
test <AuthBy ACE> with radpwtst, use the -interactive flag.
radpwtst -interactive -user fred -password 1234574424
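The State round trip described in the tip above, as an added example that is not part of Radiator or its documentation: a minimal RADIUS encoder and parser (RFC 2865 layout) in which the client echoes the State attribute from an Access-Challenge into its next Access-Request. The prompt text, State value and user name are constructed, and the User-Password attribute a real follow-up request carries is left out to keep the focus on State.

```python
import os
import struct

# RADIUS packet codes and attribute types from RFC 2865
ACCESS_REQUEST, ACCESS_CHALLENGE = 1, 11
USER_NAME, REPLY_MESSAGE, STATE = 1, 18, 24

def build_packet(code, ident, authenticator, attrs):
    """Encode code, id, length, 16-byte authenticator and TLV attributes."""
    body = b""
    for attr_type, value in attrs:
        if not 1 <= len(value) <= 253:
            raise ValueError("attribute value must be 1..253 bytes")
        body += struct.pack("!BB", attr_type, len(value) + 2) + value
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def parse_packet(data):
    """Decode a packet, rejecting truncated or malformed attribute lists."""
    if len(data) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("bad length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = data[pos], data[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        attrs.append((attr_type, data[pos + 2:pos + attr_len]))
        pos += attr_len
    return code, ident, attrs

def next_request(challenge_bytes, user, ident):
    """Build the follow-up Access-Request, echoing State unchanged.
    (User-Password with the user's response is omitted in this sketch.)"""
    code, _, attrs = parse_packet(challenge_bytes)
    if code != ACCESS_CHALLENGE:
        raise ValueError("not an Access-Challenge")
    state = [(t, v) for t, v in attrs if t == STATE]
    if not state:
        raise ValueError("challenge carries no State; context would be lost")
    return build_packet(ACCESS_REQUEST, ident, os.urandom(16),
                        [(USER_NAME, user)] + state)

# Constructed sample challenge; the prompt and State value are made up
SAMPLE_CHALLENGE = build_packet(ACCESS_CHALLENGE, 7, bytes(16), [
    (REPLY_MESSAGE, b"Enter next tokencode"), (STATE, b"ctx-0001")])
```

A client that drops or alters State between steps starts a fresh authentication instead of continuing the challenge.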