SunScreen 3.1 Administration Guide

SecurID Clients Supported by SunScreen

SunScreen supports two mechanisms for SecurID clients:


It will replace the system login module by an ACE login module. By installing it on each user desktop, ACE accounting will show that the user is authenticated through the user's desktop.

It needs to be installed only on the SunScreen EFS firewall. ACE accounting will show that the users are authenticated through the EFS machine.

Configuring SecurID Authentication
  1. Follow ACE documentation to set up ACE server and configure Securid users.

  2. Install either ACE/Agent 3.3 on each user desktop or SunScreen SecurID stub client on EFS machine.

  3. Add a rule to allow the SunScreen machine to communicate with the ACE servers:

    # ssadm edit <Policy>edit > Add Rule
    securid EFS_hostname 
    secureid_server_name ALLOW
    edit > save
    # ssadm activate <Policy>