The CA ControlMinder Authorization and Authentication API contains a single function for managing access authorizations. Use the SEOSROUTE_RequestAuth function to check whether a user has authorization to access a resource in the requested manner.
Note: For more information about how CA ControlMinder decides whether to grant a user access to a specific resource, see the Endpoint Administration Guide (for Windows or UNIX).
The SEOSROUTE_VerifyCreate function in the CA ControlMinder Authorization and Authentication API can authenticate a user. To do so, pass the existing password. In UNIX, you can also pass the new password to the API function. CA ControlMinder verifies that the password matches the password of the user stored in the CA ControlMinder database. For users defined to CA ControlMinder and the native operating system, CA ControlMinder can also use standard user accounts in the native environment to verify user passwords.
To use the SEOSROUTE_VerifyCreate function to authenticate a user, you must configure CA ControlMinder to enable password control and maintenance. To do this, set the PASSWORD property in the SEOS class. For example, using the selang command language, you would enter the following command:
setoptions class+ (PASSWORD)
Note: When password control is enabled, the system administrator can take advantage of its format restrictions, aging, and history maintenance.
Because CA ControlMinder does not use the native operating system password, you can create user accounts that can use only servers protected by CA ControlMinder. These accounts are not valid UNIX or Windows accounts. In UNIX, these users do not have direct access to stations that enable UNIX shell sessions. In Windows, they cannot log in through a terminal. Therefore, these users are not able to log in interactively in either environment.
Note: For more information about the setoptions command, see the selang Reference Guide.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|