SecurID Clients Supported by SunScreen

SunScreen supports two mechanisms for SecurID clients:

• Install ACE/Agent 3.3 on each user desktop. ACE/Agent 3.3 is supported only on the Solaris 2.6 SPARC platform.

Or:

• Install the SunScreen SecurID stub client on the SunScreen machine, which supports Solaris 2.6. Solaris 7 and Solaris 8 on both SPARC and x86.

  • As root, install a copy of sdconf.rec from the ACE server after it has been configured to have SunScreen as the ACE client.

  • Type the following in the directory containing sdconf.rec:

    # /opt/SUNWicg/SunScreen/lib/securid_stubclient_setup sdconf.rec

• Differences between the two mechanisms for SecurID clients:

  • The ACE/Agent 3.3 is supported only on Solaris 2.6 SPARC platform.

It will replace the system login module by an ACE login module. By installing it on each user desktop, ACE accounting will show that the user is authenticated through the user's desktop.

• The EFS SecurID stub client supports Solaris 2.6, 2.7, on both SPARC and Intel platforms.

It needs to be installed only on the SunScreen EFS firewall. ACE accounting will show that the users are authenticated through the EFS machine.

Configuring SecurID Authentication

1. Follow ACE documentation to set up ACE server and configure Securid users.

2. Install either ACE/Agent 3.3 on each user desktop or SunScreen SecurID stub client on EFS machine.

3. Add a rule to allow the SunScreen machine to communicate with the ACE servers:

   # ssadm edit <Policy>edit > Add Rule securid EFS_hostname secureid_server_name ALLOW edit > save # ssadm activate <Policy>