Changing the Authentication Method
Once defined, changing the authentication method is possible but it involves considerable effort since the Automation Engine and all Agents must be restarted.
To Change the Authentication Method from NO to LOCAL (Server)
- End all Agents.
- End all server processes.
- Export the Authentication Key to a file. You do so in batch mode using the AE.DB Load utility, see Start Parameters - Utilities.
  The Authentication Key has not yet been set in the database.
- Make this file available to all Agents. For this purpose, enter the following in their INI files:
  - In InitialPackage= ([AUTHORIZATION] section), enter the path and name of the Authentication Key file.
  - In KeyStore=, enter the path and name of the file in which the Agent should store the Authentication Key information.
  Important! Make sure that both files are stored in protected directories.
- Set the Authentication Method (in this case, LOCAL) and the Authentication Key in the database. You do this in batch mode using the AE.DB Load utility.
- Start all server processes.
- For security reasons, withdrawing the authentication from all Agents is recommended.
  The LOCAL Authentication Method is based on the principle that the Agents will be manually authenticated in the Administration perspective to guarantee that the Agent is not a program of a potential hacker.
  You can skip this step if you are sure you want to make the changeover without this security measure.
  To withdraw the Agent authentication, do the following:
  - In the Agents list in the Administration perspective, select all Agents.
  - Right-click and select Withdraw Authentication.
- Start all Agents.
  The Agents read the Authentication Key file and store the information in their KeyStore files. Then, they delete the Authentication Key file automatically.
- If you followed our recommendation and withdrew the authentication from the Agents, you must authenticate them now:
  - In the Agents list in the Administration perspective, select all Agents.
  - Right-click and select Authenticate Agent.
  Important! Agents that are not authenticated cannot log on to the Automation Engine system.
To Change the Authentication Method from NO to LOCAL_REMOTE (Server and Agent)
With the LOCAL_REMOTE method the Agents require a file in which the Authentication Package is stored. As this file differs for each Agent, it must be generated individually and made available to the corresponding computers.
- End all Agents.
- End all server processes.
- Change the Authentication Method to LOCAL_REMOTE. You do so in batch mode using the AE.DB Load utility, see Start Parameters - Utilities.
  The Authentication Key is now written to the database.
- Start all server processes.
- Log on to system client 0000 and open the Administration perspective.
- Open the list of Agents.
- For security reasons, withdrawing the authentication from all Agents is recommended.
  The LOCAL_REMOTE Authentication Method is based on the principle that the Agents will be manually authenticated in the Administration perspective to guarantee that the Agent is not a program of a potential hacker.
  You can skip this step if you are sure you want to make the changeover without this security measure.
  To withdraw the Agent authentication, do the following:
  - In the Agents list in the Administration perspective, select all Agents.
  - Right-click and select Withdraw Authentication.
- Export an Authentication Package for each individual Agent:
  - In the Agents list, select all Agents.
  - Right-click and select Download Authentication Package.
    Note: You need W (Write) permissions for the Agent object to be able to export the Authentication Package.
  - Save the Authentication Package in a secure folder on the Agent's computer.
- In the INI file of each Agent:
  - In InitialPackage= ([AUTHORIZATION] section), enter the path and name of the Authentication Package.
  - In KeyStore=, enter the path and name of the Agent's KeyStore file in which the Agent will store the information retrieved from the Authentication Package.
  Important! Make sure that both files are stored in protected directories.
- Start all Agents.
  The Agents read the Authentication Package files and store the information in their respective KeyStore files. Then they delete the Authentication Package file automatically.
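
Both the LOCAL and the LOCAL_REMOTE procedure end with InitialPackage= and KeyStore= pointing at files that must sit in protected directories. The following Python check is an added example, not part of the product or its documentation, that audits an Agent INI file on a POSIX host before the Agent is started. It assumes that KeyStore= is in the same [AUTHORIZATION] section as InitialPackage=, that "protected" means no access for group or other, and it uses hypothetical file names (agent.ini, agent01_package.bin, agent01_keystore.bin).

```python
import configparser
import os
import stat
import tempfile

def audit_agent_ini(ini_path):
    """Check the key-file settings of an Agent INI file (POSIX hosts).

    Returns a list of findings; an empty list means both paths are set and
    neither the files nor their directories are open to group/other."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read(ini_path)
    if not cp.has_section("AUTHORIZATION"):
        return ["[AUTHORIZATION] section missing"]
    findings = []
    for key in ("InitialPackage", "KeyStore"):
        path = cp.get("AUTHORIZATION", key, fallback="").strip()
        if not path:
            findings.append(f"{key}= is empty")
            continue
        # The directory matters as much as the file: whoever can write to it
        # can replace the file before the Agent reads it.
        for target in (os.path.dirname(os.path.abspath(path)), path):
            if os.path.exists(target):
                mode = stat.S_IMODE(os.stat(target).st_mode)
                if mode & 0o077:
                    findings.append(f"{key}: {target} has mode {mode:03o}")
    return findings

def demo():
    """Constructed sample: audit a loosely protected layout, then a fixed one."""
    with tempfile.TemporaryDirectory() as root:
        keys = os.path.join(root, "keys")
        os.mkdir(keys)
        pkg = os.path.join(keys, "agent01_package.bin")     # hypothetical name
        store = os.path.join(keys, "agent01_keystore.bin")  # not created yet
        open(pkg, "wb").close()
        ini = os.path.join(root, "agent.ini")               # hypothetical name
        with open(ini, "w") as fh:
            fh.write(f"[AUTHORIZATION]\nInitialPackage={pkg}\nKeyStore={store}\n")
        os.chmod(keys, 0o755)
        os.chmod(pkg, 0o644)
        before = audit_agent_ini(ini)
        os.chmod(keys, 0o700)
        os.chmod(pkg, 0o600)
        after = audit_agent_ini(ini)
    return before, after

if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result or "no findings")
```

The KeyStore file does not exist until the Agent has started, so before that point only its directory is checked.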
To Change the Authentication Method from LOCAL to LOCAL_REMOTE (Server to Server and Agent)
As the Agents have already been authenticated, you can easily switch from LOCAL to LOCAL_REMOTE and vice versa. You do it in the UC_AS_SETTINGS variable. For more information, see UC_AS_SETTINGS - Advanced Security.
- Log in to Client 0.
- Enter UC_AS_SETTINGS in the Global Search field.
- A dropdown list with a link to the variable opens up. Click it to display the UC_AS_SETTINGS variable.
- Activate the checkbox next to AUTHENTICATION.
- Click the file icon in the Value 1 column to open the Cell Editor, where you can enter LOCAL_REMOTE.
- Save your changes.
- End all server processes.
- Start all server processes.
  Agents will automatically connect after the time (in seconds) specified in the RECONNECT_TIME parameter. For more information, see UC_HOSTCHAR_DEFAULT - Host Characteristics.
To Change the Authentication Method from LOCAL (Server) or LOCAL_REMOTE (Server and Agent) to NO
With Authentication Method "NO", the Agents do not require the Authentication Key that is stored in the Automation Engine database. Therefore, the Agents' keystore files must be deleted. You do it in the UC_AS_SETTINGS variable. For more information, see UC_AS_SETTINGS - Advanced Security.
- End all Agents.
- Log in to Client 0.
- Enter UC_AS_SETTINGS in the Global Search field.
- A dropdown list with a link to the variable opens up. Click it to display the UC_AS_SETTINGS variable.
- Activate the checkbox next to AUTHENTICATION.
- Click the file icon in the Value 1 column to open the Cell Editor, where you can enter NO.
- Save your changes.
- End all server processes.
- Delete the Authentication Key from the database.
  For this purpose, process the following SQL statement in a transaction:
  delete from oha
- Start all server processes.
- Delete the KeyStore file in each Agent. Its path and name are stored in the KeyStore= parameter of their respective INI files.
- Start all Agents.