The DSA dynamically binds to and unbinds from remote DSAs. A DSA maintains at most one binding per security level (set by the auth-levels list in the DSA definition) to a remote DSA. When a DSA has an established DSP binding of the correct security level to a remote DSA, it uses this binding. A second binding of the same security level is not set up.
The DSA definition supports trust flags that enable a DSA to upgrade or downgrade a link between DSAs. For example, when a link between two DSAs supports only anonymous connections, a credentialed user can access the link when the receiving DSA supports the allow-downgrading trust flag. Conversely, when the only allowed DSP link is a clear-password link, an anonymous user can access the link only when there is support for the allow-upgrading trust flag.
A DSP binding to a remote DSA unbinds after the dsp-idle-time is exceeded. Ensure that you set this value higher on router DSAs than on data DSAs.
Copyright © 2009 CA. All rights reserved. | Email CA about this topic |