SecurID Clients Supported by SunScreen

SunScreen supports two mechanisms for SecurID clients:

Install ACE/Agent 3.3 on each user desktop.

Or:

Install SunScreen SecurID stub client on the SunScreen machine, which supports Solaris 2.6, Solaris 7, and Solaris 8 operating systems, on both SPARC and Intel platforms.

1. As root, install a copy of sdconf.rec from the ACE server after it has been configured to have SunScreen as the ACE client.

2. Type the following in the directory containing sdconf.rec:

   # /usr/lib/sunscreen/lib/securid_stubclient_setup sdconf.rec

The ACE/Agent 3.3 is supported only on the Solaris 2.6 SPARC platform. It replaces the system login module with an ACE login module. When the Ace/Agent 3.3 is installed on each user desktop, ACE accounting will show that the user is authenticated through the user's desktop.

---

Note -

The EFS SecurID stub client supports Solaris 2.6, Solaris 7, and Solaris 8, on both SPARC and Intel platforms. Install it only on the SunScreen EFS firewall. ACE accounting will show that the users are authenticated through the EFS machine.

---

To Configure SecurID Authentication

1. Follow ACE documentation to set up the ACE server and configure SecurID users.

2. Install either ACE/Agent 3.3 on each user desktop or the SunScreen SecurID stub client on the EFS machine.

3. Add a rule to allow the SunScreen machine to communicate with the ACE servers:

   # ssadm edit Policy edit> Add Rule securid EFS_hostname secureid_server_name ALLOW edit> save # ssadm activate Policy