3.77. <AuthBy SAFEWORD> Previous topic Parent topic Child topic Next topic

This clause authenticates users from a local or remote SafeWord PremierAccess (SPA) server. SafeWord PremierAccess and tokens are available in Secure Computing website Opens in new window. It supports PAP, CHAP, TTLS-PAP, EAP-OTP and EAP-GTC. It supports password changing, fixed (static) passwords and Safe- Word Silver and Gold tokens.
Only the first authenticator configured into SPA for the user will be used by Radiator to authenticate the user. The second and subsequent authenticators configured for a user will be ignored.
In order to support CHAP, the user must have a fixed password profile with ‘case sensitive password’ enabled in the SafeWord server.
A user can changed their fixed password at any time by entering their current and new passwords in a special format. The password change will only succeed if the old password is correct, and the two copies of the new password are identical and conform to the password length and other constraints configured into SPA for the user's fixed password authenticator.
<AuthBy SAFEWORD> understands also the same parameters as <AuthBy xxxxxx>. For more information, see Section 3.28. <AuthBy xxxxxx>.