PassKey configuration
In some circumstances, the best (or the only) type of authentication available is Auth Mode 2, that is, passkey authentication. In particular, using a passkey as the sole authentication is necessary on networks that use Network Address Translation (NAT), if the BMC Defender Server is multi-homed, or if tunneling software is in use. In these cases, the destination address for syslog messages might not be the same as the location of remote configuration requests, making the use of Auth Mode 1 or Auth Mode 3 difficult or impossible.
The passkey is simply a text string of 40 characters or less. The value is case-sensitive but can contain any printable characters, including spaces. The value is passed as an argument to the rsmconf.exe program (discussed as follows) and is also configured in the BMC Defender Server through the System > Parms tab. Since this value is well-known, it is important to change it across the enterprise when relying solely on passkey authentication.
In general, for extra security, the passkey should be used to supplement the source IP address authentication. There is no downside to using passkey authentication other than making firewall issues slightly more complex to troubleshoot.
The passkey is not transmitted across the network in clear text. The value is encrypted, so it is protected from attack by network sniffers. However, the value is stored in clear text within the CO-sysmsg.cnf file, so this file should be protected from unauthorized access (such as by limiting access to the host machine).
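One way to check the file protection recommended above on a Windows agent host, as an added example that is not part of the BMC documentation: the script reports whether broad built-in groups are allowed to read CO-sysmsg.cnf. The file's location is not given on this page, so `$ConfigPath` is a placeholder that must be set, and the list of groups treated as too broad is an assumption.

```powershell
# Added example: audit read access to the file that stores the passkey in clear text.
# ASSUMPTION: the default path is a placeholder; pass the real location of CO-sysmsg.cnf.
param(
    [string]$ConfigPath = 'C:\PLACEHOLDER\CO-sysmsg.cnf'
)

# ASSUMPTION: well-known SIDs of groups considered too broad to read this file.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

function Get-BroadReadAccess {
    param([string]$Path)

    $acl = Get-Acl -LiteralPath $Path
    $readData = [System.Security.AccessControl.FileSystemRights]::ReadData
    # Resolve identities to SIDs so the check does not depend on localized group names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        $canRead = ($ace.FileSystemRights -band $readData) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $canRead -and $broadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Principal = $broadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # inherited entries must be fixed on the parent folder
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $ConfigPath -PathType Leaf)) {
    Write-Error "Not found: $ConfigPath"
    exit 2
}

$findings = @(Get-BroadReadAccess -Path $ConfigPath)
if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
    Write-Warning "Broad groups can read $ConfigPath, which stores the passkey in clear text."
    exit 1
}
Write-Output "No broad-group read access found on $ConfigPath."
```

The script only inspects Allow entries on the file itself; membership of named local or domain groups that also have access still needs a manual review.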