VMS Authentication Module Version 3.1



Similar documents
Configuring the Cisco ISA500 for Active Directory/LDAP and RADIUS Authentication

Security Provider Integration RADIUS Server

Mobile Admin Security

Kerberos authentication made easy on OpenVMS

RSA ACE/Agent 5.5 for Windows Installation and Administration Guide

iphone in Business How-To Setup Guide for Users

RSA SecurID Software Token 1.0 for Android Administrator s Guide

SSH for OpenVMS Administration and User s Guide

Security Provider Integration Kerberos Server

Connection Broker Managing User Connections to Workstations, Blades, VDI, and More. Quick Start with Microsoft Hyper-V

RSA Authentication Agent 7.2 for Microsoft Windows Installation and Administration Guide

EMC Data Protection Search

TIBCO Spotfire Platform IT Brief

1.6 HOW-TO GUIDELINES

Single Sign-on (SSO) technologies for the Domino Web Server

Cisco TelePresence Authenticating Cisco VCS Accounts Using LDAP

Configuring Sponsor Authentication

Mobile Admin Architecture

How To Configure A Bomgar.Com To Authenticate To A Rdius Server For Multi Factor Authentication

Configure SecureZIP for Windows for Entrust Entelligence Security Provider 7.x for Windows

Compiled By: Chris Presland v th September. Revision History Phil Underwood v1.1

iphone in Business How-To Setup Guide for Users

Netop Remote Control Security Server

RSA SecurID Ready Implementation Guide

Dell SonicWALL and SecurEnvoy Integration Guide. Authenticating Users Using SecurAccess Server by SecurEnvoy

LDAP User Guide PowerSchool Premier 5.1 Student Information System

RSA Authentication Agent 7.1 for Microsoft Windows Installation and Administration Guide

Configuring IBM Cognos Controller 8 to use Single Sign- On

CA Nimsoft Service Desk

Replacing legacy twofactor. with YubiRADIUS for corporate remote access. How to Guide

IIS, FTP Server and Windows

External Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy

Managing Users and Identity Stores

NovaBACKUP xsp Version 15.0 Upgrade Guide

Xerox DocuShare Security Features. Security White Paper

HP Device Manager 4.7

This chapter describes how to set up and manage VPN service in Mac OS X Server.

Defender Token Deployment System Quick Start Guide

USER GUIDE. Lightweight Directory Access Protocol (LDAP) Schoolwires Centricity

Installation Guide. SafeNet Authentication Service

Directory and File Transfer Services. Chapter 7

Remote Authentication and Single Sign-on Support in Tk20

BlackBerry Enterprise Service 10 version 10.2 preinstallation and preupgrade checklist

Barracuda Networks Technical Documentation. Barracuda SSL VPN. Administrator s Guide. Version 2.x RECLAIM YOUR NETWORK

How to integrate RSA ACE Server SecurID Authentication with Juniper Networks Secure Access SSL VPN (SA) with Single Node or Cluster (A/A or A/P)

Interlink Networks RAD-Series AAA Server and RSA Security Two-Factor Authentication

BlackBerry Enterprise Server for Microsoft Office 365 preinstallation checklist

Step-by-Step Guide to Setup Instant Messaging (IM) Workspace Datasheet

Customer Tips. Configuring Color Access on the WorkCentre 7328/7335/7345 using Windows Active Directory. for the user. Overview

YubiRADIUS Deployment Guide for corporate remote access. How to Guide

ipad or iphone with Junos Pulse and Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy

RSA SecurID Two-factor Authentication

Scyld Cloud Manager User Guide

External Authentication with Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy

RSA Authentication Manager 7.1 Basic Exercises

How To Secure An Rsa Authentication Agent

RSA SecurID Software Token 3.0 for Windows Workstations Administrator s Guide

HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services

RSA Authentication Agent 7.1 for Web for IIS 7.0 and 7.5 Installation and Configuration Guide

Red Hat Enterprise ipa

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates

External Authentication with Windows 2003 Server with Routing and Remote Access service Authenticating Users Using SecurAccess Server by SecurEnvoy

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy

Tenrox. Single Sign-On (SSO) Setup Guide. January, Tenrox. All rights reserved.

RSA AUTHENTICATION AGENTS FOR MICROSOFT WINDOWS

Administrator Guide. v 11

RSA Authentication Manager 7.1 to 8.1 Migration Guide: Upgrading RSA SecurID Appliance 3.0 On Existing Hardware

Configuring Color Access on the WorkCentre 7120 Using Microsoft Active Directory Customer Tip

SafeNet Authentication Service

MIGRATION GUIDE. Authentication Server

Barracuda SSL VPN Administrator s Guide

Coveo Platform 7.0. Microsoft Active Directory Connector Guide

FileCloud Security FAQ

13.1 Backup virtual machines running on VMware ESXi / ESX Server

HP Operations Orchestration Software

Connection Broker Managing User Connections to Workstations, Blades, VDI, and more. Security Review

for Windows 7 Laplink Software, Inc. Quick Start Guide h t t p : / / w w w. l a p l i n k. c o m / h e l p MN-LLG-EN-15 (REV.

External Authentication with Checkpoint R75.40 Authenticating Users Using SecurAccess Server by SecurEnvoy

How To Integrate Watchguard Xtm With Secur Access With Watchguard And Safepower 2Factor Authentication On A Watchguard 2T (V2) On A 2Tv 2Tm (V1.2) With A 2F

Synchronizing ProCurve IDM and Windows Active Directory

Security Provider Integration Kerberos Authentication

Oracle Virtual Desktop Infrastructure. VDI Demo (Microsoft Remote Desktop Services) for Version 3.2

Authentication Methods

RSA Authentication Manager 8.1 Virtual Appliance Getting Started

Summary. Downloading Kermit. Technical Bulletin UNIX VMS

EMC ViPR Controller Add-in for Microsoft System Center Virtual Machine Manager

NovaBACKUP xsp Version 12.2 Upgrade Guide

SCOPTEL WITH ACTIVE DIRECTORY USER DOCUMENTATION

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication

FortiAuthenticator Agent for Microsoft IIS/OWA. Install Guide

CA Performance Center

Using LDAP with Sentry Firmware and Sentry Power Manager (SPM)

Cloud Services ADM. Agent Deployment Guide

Integration Guide. SafeNet Authentication Service. Oracle Secure Desktop Using SAS RADIUS OTP Authentication

Installing Management Applications on VNX for File

Version 9. Active Directory Integration in Progeny 9

LISTSERV LDAP Documentation

Authentication and Single Sign On

Cisco ASA Authentication QUICKStart Guide

Transcription:

SOFTWARE PRODUCT DESCRIPTION VMS Authentication Module Version 3.1 The VMS Authentication Module Solution The VMS Authentication Module (VAM) provides controlled access to both user-written applications and the OpenVMS system overall using RSA SecurID, LDAP, RADIUS or the local VMS User Authentication File (UAF). It can be incorporated into an OpenVMSbased platform in three ways: * Via an API that can be incorporated into an application to control access to that application * On a system-wide basis by using the OpenVMS ACME system om Open- VMS V8 and higher on Alpha and Integrity platforms * On a system-wide basis via use of the LGI callouts for OpenVMS LOGI- NOUT.EXE. Easy to Install and Operate Process Software s VAM product integrates cleanly into the OpenVMS environment. It supports the MultiNet and TCPware TCP/IP stacks and HP TCP/IP Services. VAM is easy to install using the VMSIN- STAL installation procedure. It takes less than five minutes to configure. The system administrator can control VAM by editing the configuration file. Highly Configurable VAM s configuration file is robust and can be customized to meet an organization s specific security requriements. For example: * Rightslist identifiers may be granted to specific users to determine if they should use VAM s authentication methods. * All users may be required to use specific VAM authentication methods. * Multiple authentication methods (e.g., first attempt SecurID then LDAP then RADIUS) may be specified. * Multiple LDAP searches and servers may be specified. Configuration VAM supports VAX, Alpha, and Integrity systems running various versions of OpenVMS. When each node in an Open- VMS cluster shares a common system disk, the cluster needs to store just one copy of most VAM files. Only a few system-specific configuration files are required on each machine that runs the software. API An application programming interface (API) is provided to allow VAM to be incorporated into existing user applications. The heart of the API is the VMSAuthenticate function call, where the calling program supplies (as required) the username and password to be authenticated, the type of authentication (LDAP, SECURID, RADIUS, or LOCALUAF), and pointers to user-written callbacks in the user program. These callbacks are used by VAM to communicate with the user (e.g., to prompt for passwords or to provide informational messages). VMS LOGINOUT Callout VAM provides a callout module used to implement SecurID, LDAP, and RADIUS authentication using the standard VMS LOGINOUT mechanism. It may be configured so that if a VAM login can t be completed for any reason other than an invalid username or password (for, example, in the case of a network outage that prevents communication with an LDAP, RADIUS or ACE server), the normal VMS SYSUAF will be used to validate the user. VMS ACME VAM provides LDAP and RADIUS agents for the VMS ACME (Authentication and Credential Management Extension) subsystem for OpenVMS V8 and higher on Alpha and Integrity platforms.

RSA Security ACE/ Server (SecurID) VAM provides a client for RSA Security ACE/Server systems running on various UNIX and Microsoft Windows platforms. This client supports the use of standard RSA Security key fob and PINpad tokens. It can be incorporated into an application using the API, or the system administrator can specifiy a callout module for the VMS LOGINOUT mechanism. In addition, all SecurID usernames amy be mapped to a single VMS username on the client system. LDAP VAM provides a client for LDAP server systems running the V3 protocol on various platforms. Examples of supported servers are Microsoft Active Directory and OpenLDAP from the OpenLDAP Foundation. This client may be used in the form of an API that is incorporated into an application, as a VMS ACME agent, or as a callout module for the VMS LOGINOUT mechanism. Transactions with LDAP servers may be performed using unencrypted cleartext (the default), or the transactions may be encrypted using certificates. The VAM configuration file is used to specify if transactions are encrypted (LDAPS) or not (LDAP). To provide maximum flexibility, multiple searches may be specified for any supported server, and multiple servers may be searched. The servers and searches on those servers are specified in the VAM configuration file by the system manager. Searches are first conducted using either a specified Distinguished Name and password or anonymously (where supported by the server). The Core Features of VMS Authentication Module... VMS Authentication Module enables remote systems administrators, telecommuters, and other users to access corporate networks without revealing passwords and confidential data to potential eavesdroppers. * s RSA Security SecurID two-factor authentication via an API and as avms * s LDAP authentication via an API, as a VMS ACME agent, and as a VMS * Provides additional access controls through the use of the VMS User Authorization File via an API. * s the widely-used LDAP V3 protocol as found in, for example, Microsoft Active Directory and OpenLDAP. * Allows fetching of user-defined attributes from an LDAP directory for a successfully-authorized LDAP user. * Allows multiple searches of multiple LDAP servers. * Includes LDAP client/server security options by supporting both plain-text (LDAP) and encrytped (LDAPS) transactions. * s RADIUS authentication via an API, as a VMS ACME agent, and as a VMS * SSH single sign-on access using Process Software s MultiNet, TCPware and SSH for OpenVMS products. * Provideds many-to-one mappings of LDAP, RADIUS and SecurID usernamess to a single VMS username. 2

In addition, all LDAP usernames amy be mapped to a single VMS username on the client system. When a user is successfully authenticated via an LDAP directory, attributes (as specified in the configuration file) may be returned. If using the API, these attributes are returned as a list of attribute/value tuples. If using the VMS ACME system, the attributes are set as logical names in the process s process logical name table. If using the LOGI- NOUT callouts, the attributes are set as logical names in the process s job logical name table. If using the LOGINOUT callouts and upon successful authentication, the last login date and time and the user s password are updated in the VMS UAF file, to ensure the information is as synchronized when possible. This behavior may be overridden by the LDAP_NO_PASSWORD_SYNC keyword in the configuration file. RADIUS VAM provides a client for RADIUS server systems on various platforms. An example of this would be a server running the FreeRADIUS server. This client may be used in the form of an API that is incorporated into an application, or as a callout module for the VMS LOGINOUT mechanism. Transactions with RADIUS servers are performed using unencrypted clear-text data, but with the password encrypted using MD5 encryption. In addition, all RADIUS usernames amy be mapped to a single VMS username on the client system. If using the LOGINOUT callouts and upon successful authentication, the last login date and time and the user s password are updated in the VMS UAF file, to ensure the information is as synchronized when possible. This behavior may be overridden by the RADIUS_NO_PASSWORD_SYNC keyword in the configuration file. VMS Local User Authorization File The local User Authorization file (UAF) may be used within the API to provide authentication for an application. Services, Documentation, and Ordering Information Technical Services Process Software s Technical Services Program has a well-deserved reputation for excellence. Services include consulting, training, software maintenance, support, online resources, and 24-hour support In short, everything you need to keep your Process Software products and your network operating at peak efficiency. Consulting A comprehensive suite of programs is available on a host of topics, including VMS Authentication Module installation and configuration, DNS setup and use, network security, troubleshooting, and others. Hot Line Networking experts are available by telephone, e-mail, or fax. Optional 24- hour support is also available. Updates All maintenance customers with current service contracts receive automatic software and documentation updates of major releases. Training A wide range of educational services can be provided at your site, at regional training locations throughout North America, or at our own training facility in Framingham, MA. Documentation Comprehensive documentation for VMS Authentication Module consists of an administration and user s guide that provides installation and configuration information, along with product release notes that contain late-breaking product information. Documentation is available in HTML and PDF formats on the Process Software Web site (http://www.process.com). Ordering Information VAM is downloaded from Process Softeware. Contact sales@process.com or request a free evaluation at http:// www.process.com/vmsauth/eval.asp. Software Warranty Process Software warrants all products for 90 days from the date of delivery. Hardware and Software Requirements VAM requires at least one network controller supported by MultiNet, TCPware or TCP/IP Services. VAM supports the following operating system versions: * OpenVMS VAX V7.3 * OpenVMS Alpha V6.2 and higher * OpenVMS I64 V8.2 and higher VAM supports the following TCP/IP stacks and versions: * MultiNet V4.4 and later * TCPware V5.6-2 and later * TCP/IP Services v4.0 (plus ECO v5) or later VMS Authentication Manager supports the following RSA Security software versions: * RSA Authentication Manager V6.0 and later 3

About Process Software Process Software is a premier supplier of communications software solutions to mission critical environments since 1984. With a loyal customer base of over 3,000 organizations, including Global 2000 and Fortune 1000 companies, Process Software has earned a strong reputation for meeting the stringent reliability and performance requirements of enterprise networks. Process Software 959 Concord Street Framingham, Massachusetts 01701-4682 Telephone: U.S./Canada 1-(800) 722-7770 International 1-(508) 879-6994 FAX: 1-(508) 879-0042 Web: E-mail: http://www.process.com info@process.com The information contained in this document is subject to change without notice. Process Software assumes no responsibility for any errors that may appear in this document. Process Software, 2011 The Process Software name and logo are trademarks, and VMS Authentication Module, VAM, MultiNet and TCPware are registered trademarks of Process Software. All other company names and product names are trademarks or registered trademarks of their respective holders. Rev. 3.1 4

5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information