CA Advanced Authentication Integration

capamsc141 integrates with CA Advanced Authentication to provide a strong authentication option for privileged and other native users of the operating system.
The system administrator restricts interactive sessions coming from a terminal by adding users to a group. To get write permission to files, users in this group must authenticate themselves using CA ArcotID OTP (one-time passwords).
After authentication, capamsc141 does not apply the rules created for the native user (root), but it applies rules to users according to their internal identities. capamsc141 differentiates non-restricted, restricted, and promoted users, and applies specific rules to them.
  • When a user (name) from the interactive_restricted group logs in interactively, capamsc141 identifies him as "restricted_name".
    Examples:
    • When root logs in interactively, capamsc141 applies the rules for the user "restricted_root" (if specified) or otherwise the "_default" restricted rules.
    • When root logs in non-interactively, capamsc141 applies the rules for the root user.
  • When a user from the interactive_restricted group promotes himself with an enterprise name, capamsc141 identifies him as "name2".
    Example:
    • When root promotes as "name2", capamsc141 applies the rules for the user "name2".
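The identity resolution described above, modelled as an added example; it is not the product's code or configuration syntax. The `Session` class, the function names and the sample rule set are hypothetical, and the model assumes that promotion only applies to interactive sessions of users in the interactive_restricted group.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

RESTRICTED_GROUP = "interactive_restricted"  # group name used on the page
DEFAULT_RESTRICTED = "_default"              # fallback restricted rules named on the page


@dataclass(frozen=True)
class Session:                               # hypothetical model of a login session
    native_user: str
    groups: frozenset
    interactive: bool
    promoted_as: Optional[str] = None        # enterprise name used after OTP authentication


def internal_identity(s: Session) -> Tuple[str, str]:
    """Return (user class, identity whose rules are evaluated)."""
    if RESTRICTED_GROUP not in s.groups or not s.interactive:
        return ("non-restricted", s.native_user)
    if s.promoted_as:                        # assumption: promotion needs a restricted session
        return ("promoted", s.promoted_as)
    return ("restricted", "restricted_" + s.native_user)


def rule_owner(s: Session, defined: set) -> str:
    """Name of the rule set applied, with the "_default" fallback for restricted users."""
    kind, ident = internal_identity(s)
    if kind == "restricted" and ident not in defined:
        return DEFAULT_RESTRICTED
    return ident


def on_default_rules(members, defined: set) -> list:
    """Group members with no restricted_<name> rules, i.e. governed by "_default"."""
    return sorted(m for m in members if "restricted_" + m not in defined)


# Constructed sample data: identities that have rules defined, and group members.
RULES = {"root", "restricted_root", "name2"}
MEMBERS = {"root", "alice"}
GROUPS = frozenset({RESTRICTED_GROUP})

if __name__ == "__main__":
    for s in (Session("root", GROUPS, True),
              Session("root", GROUPS, False),
              Session("root", GROUPS, True, promoted_as="name2"),
              Session("alice", GROUPS, True)):
        print(s.native_user, s.interactive, s.promoted_as, "->", rule_owner(s, RULES))
    print("fall back to _default:", on_default_rules(MEMBERS, RULES))
```

Listing the members that fall back to "_default" shows which restricted users have no dedicated rules of their own.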