UC_AS_SETTINGS - Advanced Security

This Variable (VARA) object allows you to specify particular encryption and authentication methods. It is supplied in the system client 0 and can only be changed within this client because it contains advanced security settings which are valid throughout the whole AE system.

Note: Make sure that only users with the skills needed can access this variable thus avoiding that a specified encryption and/or authorization method is modified by accident.

This variable includes the following keys:

AUTHENTICATION

  • Description: Authentication method

  • Allowed values: NO, LOCAL, and LOCAL_REMOTE

    • NO: no authentication

    • LOCAL: server authentication

    • LOCAL_REMOTE: server and agent authentication

  • Default value: NO

  • Note: Additional steps are required to change the authentication method. For more information, see Changing the Authentication Method.

  • Restart required: Server

    For more information, see Starting and Ending Server Processes.

ENCRYPTION

  • Description: Encryption method

  • Allowed values: NO, AES-128, AES-192, and AES-256

    • NO: no encryption method

    • AES-128: 128-bit key length

    • AES-192: 192-bit key length

    • AES-256: 256-bit key length

  • Default value: AES-256

  • Restart required: Server

    For more information, see Starting and Ending Server Processes.

GSS_COMPATIBILITY

  • Description: Allows you to grant or deny access to the system when (old) GSS agents authenticated with low entropy keys try to connect.

    Note:  This setting is only relevant when you use the LOCAL agent authentication method, see Authentication Methods. Keep in mind that changing the authentication method to LOCAL_REMOTE does not affect the entropy level of the authentication key.

  • Allowed values: YES and NO

    • YES: Agents authenticated with low or high entropy keys can access the system

    • NO: Only agents authenticated with high entropy keys can access the system

  • Default value: YES

  • Restart required: Server

    For more information, see Starting and Ending Server Processes.

See also: