3.27. <AuthBy ACE> Previous topic Parent topic Child topic Next topic

The <AuthBy ACE> module performs authentication directly to an RSA Security Authentication manager (formerly SecurID ACE/Server). For more information, see RSA website Opens in new window. RSA Security Authentication Manager provides a token-based one-time password system. <AuthBy ACE> requires the Authen-ACE4 Perl module from CPAN. Compile it for your chosen Perl distribution. For more information, see Section 2.1.2. CPAN. You can also contact OSC in case you need help with your Authen-ACE4 setup.
Tip
<AuthBy ACE> works with RSA Authentication Manager 7.1 and later. If you have AM 7.1 or later you might consider using <AuthBy RSAAM>, since it is more capable and more portable.
Before using this AuthBy method ensure that you have the following things:
<AuthBy ACE> works also with EAP-Generic-Token-Card and EAP-PEAP-Generic- Token-Card authentication, as well as RADIUS PAP and TTLS-PAP.
Tip
There are more detailed installation and testing instructions in the goodies/ace.txt file in your distribution.
Tip
An alternative to using <AuthBy ACE> is to proxy requests to the optional RADIUS server that comes with Authentication Manager (although that RADIUS server has many fewer features and supported platforms than Radiator).
Tip
There is an example Radiator configuration file for <AuthBy ACE> in goodies/ace.cfg in your Radiator distribution.
Tip
<AuthBy ACE> uses the State reply item to get the RADIUS client to carry the context from one step of authentication to the next. If you wish to test <AuthBy ACE> with radpwtst, use the -interactive flag.
radpwtst -interactive -user fred -password 1234574424
Tip
<AuthBy ACE> and Authen-ACE4 can work across the network to a remote Authentication Manager on another host. For more information about configuring remote Agent access, see RSA website Opens in new window.