Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SECURE ACCESS DEVICES GUIDE REV 01 Manual page 218

Configuring Secure Access Devices Guide
200
Table 52: Authentication Realm Policies Configuration Details (continued)
Option Function
Allow Restricts the Secure Access
device and resource access by
requiring client-side
certificates.
Certificate Specifies any additional criteria
Field that the admin realm should
use when verifying the policies.
Expected Specifies values in the client
Value certificate.
Authentication Policies > Password tab
Options for Restricts the Secure Access
primary device and resource access by
authentication password length when
server administrators or users try to
sign in to a Secure Access
device. The user must enter a
password whose length meets
the minimum password-length
requirement specified for the
realm.
Primary Specifies password length
password restrictions.
minimum
length
(character)
Your Action
Select one of the following options from the
drop-down list:
All users—Does not require a user's client to
have a client-side certificate.
All users, remember certificate while user is
signed in—Does not require a user's client to
have a client-side certificate, but if the client
does have a certificate, the Secure Access
device remembers the certificate information
during the entire user session.
Users with a trusted client
certificate—Requires a user's client to have
a client-side certificate to satisfy the access
management requirement. To restrict access
even further, you can define unique certificate
attribute-value pairs. Note that the user's
certificate must have all the attributes you
define.
Enter a value. For example, enter uid.
NOTE: This field is enabled only when you
select Users with trusted client certificate
from the Allow drop-down list and by clicking
New.
Enter a variable, for example, enter
<userAttr.uid>.
NOTE: This field is enabled only when you
select Users with trusted client certificate
from the Allow drop-down list and by clicking
New.
Select one of the following options from
drop-down list:
Allow all users (passwords of any
length)—Does not apply password length
restrictions to users signing in to the Secure
Access device.
Only allow users that have passwords of a
minimum length—Requires the user to enter
a password with a minimum length of the
number specified.
Enter the number.
Copyright © 2010, Juniper Networks, Inc.