CA Advanced Authentication Integration
CA Advanced Authentication Integration
capamsc141
capamsc141
integrates with CA Advanced Authentication to provide a strong authentication option for privileged and other native users of the operating system.
The system administrator restricts interactive sessions coming from a terminal by adding users to a group. To get write permission to files, users in this group must authenticate themselves using CA ArcotID OTP (one-time passwords).
After authentication, does not apply the rules created for the native user (root), but it applies rules to users according to their internal identities. differentiates non-restricted, restricted, and promoted users, and applies specific rules to them.
- When a usernamefrom the interactive_restricted group logs in interactively, identifies him as "restricted_name".Examples:
- When root logs in interactively, applies the rules for the user "restricted_root" (if specified) or otherwise "_default" restricted rules.
- When root logs in non-interactively, applies the rules for the root user.
- When a user from the interactive_restricted group promotes himself with an enterprise name, identifies him as "name2".Example:
- When root promotes as "name2", applies the rules for the user "name2".