Powertech RSA SecurID Agent Maintenance screen
The objective of this program is to allow user profiles to be maintained. SecurID can be activated or deactivated for user profiles. Activating a profile allocates it to the SecurID sign-on exit point, ensuring that users signing on to IBM i with that profile must pass through the SecurID security procedures.
Deactivating a profile means any user signing on to IBM i with that profile will not go through the SecurID security process.
For SecurID to function, a communication link is required between IBM i and the RSA Authentication Manager (ACE/Server). If this is the first time the program has been used and a prior configuration does not exist between the machines, enter "Y" to create a connection.
Alternatively, if a network configuration exists and you wish to maintain only user profiles, leave the value as "N". This value should always be entered once networking details between the IBM i and RSA Authentication Manager (ACE/Server) machines have been set up.
How to Get There
On the Master Menu, choose option 1.
Network Configuration
This allows the networking information about the connection between IBM i and the RSA Authentication Manager (ACE/Server) machine to be entered. Communication between the two machines must be established before SecurID will function.
Note SecurID can only check that the information is valid and relevant. A logical link may only be established here and you must first ensure the necessary physical links are in place.
IBM i TCP/IP Address
This specifies an internet address to which the machine, running IBM i responds. This address, associated with a line description and a subnet mask, defines the TCP/IP interface necessary for communication between IBM i and RSA Authentication Manager (ACE/Server).
The internet address is specified in the form nnn.nnn.nnn.nnn where nnn is an integer value between 0 and 255.
Line Description
The line description is the physical connection between the machine running IBM i and the TCP/IP network. This must be defined before the TCP/IP interface can be added.
This defines the part of the network where this interface will be attached. The subnet mask takes the form nnn.nnn.nnn.nnn where nnn is an integer between 0 and 255.
This specifies the name of the machine, running IBM i and will correspond to the internet address entered above. A common practice is to define one short name that is unique within your local network. However, a host name may be anything from one to 255 characters in length.
This defines the name of the machine running the RSA Authentication Manager (ACE/Server) software. It must correspond to the internet address of that machine and be used to communicate with the machine running IBM i.
This specifies an internet address to which the RSA Authentication Manager (ACE/Server) machine responds. This address is associated with the “Authentication Mgr Name”, entered above.
The internet address is specified in the form nnn.nnn.nnn.nnn where nnn is an integer value between 0 and 255.
This specifies the name of the TCP/IP domain to which the machine, running IBM i belongs. This name is used along with “IBM i Host Name” to build a unique name, that's used, to reference and communicate with the IBM i machine.
Note, if you do not wish to change your existing domain name it is important that your current domain name is entered here.
Start Agent Maintenance (STRAGTMNT)
This option allow you to specify profiles to work with for activating or de-activating SecurID Authentication.
User Profile
Specifies the user profiles to be shown.
The following entries are valid:
After selecting profiles, the Work with Profiles for SecurID Agent screen appears.