UC_AS_SETTINGS - Advanced Security
This Variable (VARA) object allows you to specify particular encryption and authentication methods. It is supplied in the system client 0 and can only be changed within this client because it contains advanced security settings which are valid throughout the whole AE system.
Note: Make sure that only users with the skills needed can access this variable thus avoiding that a specified encryption and/or authorization method is modified by accident.
This variable includes the following keys:
AUTHENTICATION
-
Description: Authentication method
-
Allowed values: NO, LOCAL, and LOCAL_REMOTE
-
NO: no authentication
-
LOCAL: server authentication
-
LOCAL_REMOTE: server and agent authentication
-
-
Default value: NO
-
Note: Additional steps are required to change the authentication method. For more information, see Changing the Authentication Method.
-
Restart required: Server
For more information, see Starting and Ending Server Processes.
ENCRYPTION
-
Description: Encryption method
-
Allowed values: NO, AES-128, AES-192, and AES-256
-
NO: no encryption method
-
AES-128: 128-bit key length
-
AES-192: 192-bit key length
-
AES-256: 256-bit key length
-
-
Default value: AES-256
-
Restart required: Server
For more information, see Starting and Ending Server Processes.
GSS_COMPATIBILITY
-
Description: Allows you to grant or deny access to the system when (old) GSS agents authenticated with low entropy keys try to connect.
Note: This setting is only relevant when you use the LOCAL agent authentication method, see Authentication Methods. Keep in mind that changing the authentication method to LOCAL_REMOTE does not affect the entropy level of the authentication key.
-
Allowed values: YES and NO
-
YES: Agents authenticated with low or high entropy keys can access the system
-
NO: Only agents authenticated with high entropy keys can access the system
-
-
Default value: YES
-
Restart required: Server
For more information, see Starting and Ending Server Processes.
See also: