authent-proxy

This attribute designates a list of proxy servers that can authenticate users for TAS in the LM-NT-OS/2 and NetWare realms. If you configure this attribute, all login requests go to the proxy for processing. A user receives resource access if the proxy server returns valid authentication, as long as the user name has validity on the host server as well. By default, the user's server authenticates logins.

The proxy does not need to reside on the same host or serve as a TAS service; however, the proxy should belong to the realm of the TAS host. For example, you should specify an SMB server to authenticate passwords for the LM-NT-OS/2 realm, a Novell NetWare server to authenticate passwords for the NetWare realm, and so on.

For this attribute, the service variable represents the name of the proxy service on another TAS host authenticating passwords. The service must have the same native protocol as the service for which it provides password authentication. If the service does not reside on a TAS host, then service represents the machine name for the service. For example, if the service resides on a TAS host server called server1, you would set up this service as an authentication proxy using the following command:

tnservice -A -r realm -s service -a authent-proxy=server1:file

You should always designate file as the service type for authent-proxy. This attribute does not work you set the value of share-mode to on. The client-encryption attribute does not work when you set authent-proxy, because session setups forward to the proxy server and incur local disregard.

Usage:

tnservice -M -r realm -s service -a authent-proxy=servicename:service-type