Table of Contents
Advertisement
An Authentication Key is the entity which uniquely identifies the user it is associated with. The key
is used to sign the ticket the system produces at log on. To secure the key even further it is highly
recommended that once a key is generated it is stored on the user's USB key.
A key can be created both by the administrator, from the Manage System, and the user from the
Manage Account. In this section we detail both processes.
Creation from System
The administrator can initialize the key for a user and can continue to reset the key.
From the Accounts page (Manage System > Access Control > Accounts) click the More...
1.
button against the user. Select the Generate Authentication Key action from the list.
The system asks for a passphrase to encrypt the identity. When a passphrase has been supplied
2.
pressing the Generate button will create a key encrypted by the passphrase
The system provides the key in a zip file. This should be stored on to a secure location and the
3.
identity files extracted and given to the appropriate user. It is highly recommended that the user
store the key file onto a USB key for greater security.
It is this key that will be used to authenticate the user during Public Key Authentication.
Creation from Account
The user can also configure their identity. In fact the Super User, by using 'Reset Authentication Key'
can force users to create their own identities.
Select the Update Authentication Key action.
1.
This takes us to the 'Update Identity' window. From here the user's identity can be updated. As
2.
a security measure the user must also provide their account password. The system requires the
new passphrase associated with this new identity. Once satisfied pressing the Generate button
will create the new identity file.
As before the key is stored within a zip file. This should be stored, the key file extracted and
3.
stored on a USB key. When the user logs into the system, it is this identity the authentication
module will ask for.
Resetting the Key
Here the administrator can force each user to define their own key when they first login to the
Barracuda SSL VPN using Public Key Authentication. Selecting this when a new account is created
is a great way to encourage users to configure and manage their identities and other security
passwords.
Must be Two-Factored Scheme
For reset to work correctly public key authentication must be in a scheme with at least two
authentication modules in and public key must not be positioned as the primary module.
This action is exclusive to the administrator.
From the Accounts page (Manage System > Access Control > Accounts) press the 'More...'
1.
button against the user you wish to reset an authentication key for. From the action list select the
select the Reset Authentication Key action.
The system displays a warning message clarifying the action about to be performed. Selecting
2.
Yes will continue with the reset
88
Barracuda SSL VPN Administrator's Guide
Advertisement
Table of Contents
Troubleshooting
