13.1.1.5.1. Procedure – Modifying authentication settings

  1. Navigate to the Management server component of the host running ZMS, and select the auth parameter from Global parameters.

  2. Select the desired authentication method in the Authentication method field.

  3. If Local accounts and ZAS authentication has been selected, configure access to ZAS in the ZAS configuration section.

    Note

    Using these authentication methods requires an already configured ZAS instance. See Chapter 15, Connection authentication and authorization, for details on using and configuring ZAS.

    Enter the IP address or the hostname of the Zorp Authentication Server into the Provider host field. By default, ZAS accepts connections on port 1317.

    Select the certificate that ZMS will use to authenticate itself from the Certificate field.

    Select the CA group that contains the CA that issued the certificate of ZAS from the CA group field. ZMS will use this group to verify the certificate of ZAS.

  4. If more than one authentication backend is running (that is, more than one ZAS instance), create a new router in the Authentication server ZMC component that will direct the authentication requests coming from ZMS to the appropriate ZAS instance.

    Add a new condition to the router: enter Authentication-Peer into the Variable field and zms into the Value field.

    For details on configuring ZAS routers, see Section 15.3.1.2, Configuring routers.

    Note

    ZMS also sends the username in the authentication requests. This can be used to direct authentication requests to different ZAS instances based on the username.

  5. Click OK, commit and upload the changes, and reload the Management server component.