Securid - Lantronix SCS Reference Manual

Security
Accounting-Start
EZWebCon users are logged as administrators.
Note:
Accounting-Stop
Accounting-Off
Accounting-Start and Accounting-Stop packets contain session IDs that are used to match them together. In
order to generate the proper session IDs, the SCS must know the current time. It can be told the correct time
by a timeserver (configured with Set/Define IP Timeserver) or by its internal clock (configured with Set/
Define Server Clock). If the current time is not set properly, accounting packets may carry non-unique
session IDs and cause problems in the accounting log.
See Supported RADIUS Attributes, Appendix D, for more information on the
Note:
types of information that are included in accounting packets.
To configure the SCS to send accounting information to the RADIUS accounting server, enter the Set/
Define Authentication RADIUS Accounting command.
Figure 11-32: Configuring the SCS to use RADIUS Accounting
Local>> DEFINE AUTHENTICATION RADIUS ACCOUNTING ENABLED
Local>> DEFINE AUTHENTICATION RADIUS ACCOUNTING PRIMARY 192.0.1.130
Local>> DEFINE AUTHENTICATION RADIUS ACCOUNTING SECONDARY 192.0.1.131
The default RADIUS Accounting port is port 1646. A different port can be specified by adding the Port
parameter to the command as shown in the third line of Figure 11-30.

11.4.4 SecurID

The SCS supports the ACE/Server security system manufactured by Security Dynamics Technologies Inc.
ACE/Server is a system of UNIX-based client-server software and accompanying token cards.
Refer to your Security Dynamics documentation for ACE/Server installation
Note:
instructions.
The SecurID card generates single-use, unpredictable numerical codes. These "cardcodes," together with
the user's PIN, form the basis of the SecurID authentication. The PIN and generated cardcodes are referred
to collectively as SecurID passcodes. To gain access to a network protected by SecurID, both elements of
the passcode must be entered correctly.
SecurID advantages include the following:
Three items are required for authentication: the token card, PIN, and user ID.
The card's cardcode is constantly changing, thus changing the passcode that the user enters.
Send when a user logs into the SCS. This type of packet includes the user's
name, port number, and current configuration.
Send when a connection is logged out or otherwise terminated. This type of
packet includes the user's name, reason for logout, length of connection, and
the counts of bytes and packets sent and received.
Sent when accounting is disabled on the SCS, and when the SCS is about to
shut down or reboot.
11-17
Database Configuration