4.1.1. Registry entries on Microsoft Windows platforms

Some settings of Zorp Authentication Agent (ZAA) can be modified through the Windows Registry. Launch the registry editor by issuing the regedit command (either from a command prompt or through the Start button).

In the 64-bit version of the Registry Editor, the Zorp Authentication Agent parameters, as the parameters of a 32-bit program, are located under: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BalaBit\Satyr for the Multiplexer and HKEY_CURRENT_USER\Software\BalaBit\Satyr for the Client application.

The component has to be restarted if a value is modified (that is, the Zorp Authentication Agent Multiplexer service for Zorp Authentication Agent Multiplexer, the Authentication Client application for Zorp Authentication Agent).

To restart the Zorp Authentication Agent Multiplexer, select the Start button, type Services and then press Enter. Select Authentication Multiplexer on the list, then Restart it.

The following settings are available from the registry:

The following table presents the settings available from the HKEY_CURRENT_USER\Software\BalaBit\Satyr registry for the Client application.

HKEY_CURRENT_USER\Software\BalaBit\Satyr

Name

Description

Default value

Automatic

To enable the automatic Kerberos authentication without user interaction with the Zorp Authentication Agent, set it to 1. In this case, Zorp Authentication Agent will use the username provided during Windows login.

dword:1

Can Remember

To save your credentials so that the client will fill the username and password automatically for later authentication attempts, set this parameter to 1. If it is set to 0, the credentials will not be saved and have to be reentered again.

dword:1

Details

The Zorp Authentication Agent displays the details of the connection in the popup dialog if this parameter is set to 1. The following information is displayed: the name of the application initiating the connection, the IP address and the port of the destination server, the name of the Zorp service started, and the type of the connection (TCP/UDP). If the details are disabled, only the name of the service is displayed.

dword:0

Forget Password

To store the authentication password indefinitely in the Zorp Authentication Agent, set this parameter to False. This sets the Forget Password Interval parameter to infinite.

dword:0

Forget Password Interval

To prevent unauthorized initiation of network connections through unattended machines, configure this parameter. Enter the number of minutes after which Zorp Authentication Agent deletes the stored password and requires authentication for new connection requests.

dword:1

Has Preferences

To enable the Preferences menu item in the system tray icon of Zorp Authentication Agent, set this parameter to 1. Otherwise, this menu item will not be available.

dword:0

LOG_CLIENT

It marks the verbosity level of the authentication client, ranging from 0 (lowest) to 9. Increase the log verbosity only if it is necessary (for example, for troubleshooting purposes), because setting it to higher than 3 can result in very large log files.

The log file is stored in the user's home directory.

dword:0

InstallLang

The installer generates it.

string

Table 4.1. Registry setting options for the Client application

The following table presents the settings available from the HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BalaBit\Satyr registry in the 64 bit system and from the HKEY_LOCAL_MACHINE\SOFTWARE\BalaBit\Satyr registry in the 32 bit system for the Multiplexer.

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BalaBit\Satyr (64 bit system)

HKEY_LOCAL_MACHINE\SOFTWARE\BalaBit\Satyr (32 bit system)

Name

Description

Default value

aliasfile

This is the name and path (for example, C:\tmp\aliases) of a text file. Using the information contained in this file, the Zorp Authentication Agent Multiplexer can redirect the authentication of certain users to a different user in multi-user environments. For example, to redirect the connection authentication of the Administrator user to MainUser enter the following line: Administrator: MainUser.

string

LOG

It is the verbosity level of the Zorp Authentication Agent Multiplexer, ranging from 0 (lowest) to 9. Increase log verbosity only if it is necessary (for example, for troubleshooting purposes), because setting it to higher than 3 can result in very large log files.

The log file is stored in the %SystemRoot%\SysWOW64\config\systemprofile folder.

dword:3

SSL

To configure the Zorp Authentication Agent Multiplexer so that it uses only SSL-encrypted connections, set this parameter to 1.

dword:1

VerifyDepth

It is the maximum length of the verification chain.

dword:3

Table 4.2. Registry setting options for the Multiplexer

Previous Up Next
 Home