13.1.1.5.1. Procedure – Modifying authentication settings

  1. Navigate to the Management server component of the host running MS, and select the auth parameter from Global parameters.

  2. Select the desired authentication method in the Authentication method field.

  3. If you selected Local accounts and AS authentication, you have to configure access to AS in the AS configuration section.

    Note

    Using these authentication methods requires an already configured AS instance. See Chapter 15, Connection authentication and authorization for details on using and configuring AS.

    Enter the IP address or the hostname of the Authentication Server into the Provider host field. By default, AS accepts connections on port 1317.

    Select the certificate that MS will use to authenticate itself from the Certificate field.

    Select the CA group that contains the CA that issued the certificate of AS from the CA group field. MS will use this group to verify the certificate of AS.

  4. If you are running more than one authentication backends (more than one AS instances), create a new router in the Authentication server MC component that will direct the authentication requests coming from MS to the appropriate AS instance.

    Add a new condition to the router, and enter Authentication-Peer into the Variable field, and zms into the value field.

    For details on configuring AS routers, see Section 15.3.1.2, Configuring routers.

    Note

    MS sends also the username in the authentication requests. This can be used to direct authentication requests to different AS instances based on the username.

  5. Click OK, commit and upload your changes, and reload the Management server component.