General Settings
The main Authentication Server page allows you to set the server port, log file size and count, and the authentication method. The Authentication Server is also started and stopped on this page.
Authentication Server
Server Port
The port number on which the Authentication Server will listen.
Log File Maximum Size (kilobytes)
The maximum size, in kilobytes, of each user access log file. These log files are named iocauth.log.n, where n is 0 for the current file and 1, 2, 3, ... depending upon the value of the next setting.
Log File Count
The maximum number of user access log files.
Enable ticket generation
This checkbox enables the authentication server to perform the authentication only once for each MVCA viewer connection. An encrypted, secure ticket is issued by the authentication server and returned to the MVCA viewer for subsequent use. When an operator opens a CCS server from the MVCA server.
This setting should be checked when one-time use passwords (RSA tokens) are employed and reusing a password would result in an authentication failure.
Peer servers
When ticket generation is enabled and MVCA servers are connected to CCS servers on other computers, the DNS names of the other computers must be entered into the Peer Servers field. This allows tickets to be honored across all MVCA and CCS servers.
Resource Level Authorization
Resource level authorization allows the administrator to control which users may access which consoles. If disabled then any authorized user may access any console.
Login History
Determines how long to retain an audit trail of user login attempts and whether to report a user's recent activity to the user after a successful login.
Days of history to keep
Specify how long to retain audit records. Older records are discarded nightly.
Show in viewer after successful login
When checked, the user will see a popup window listing his recent activity immediately after logging in to a CCS Console or Automation Viewer.
Number of recent successes to show
Specify the number of most recent successful logins to be shown to the user in the popup window displayed after logging in.
Number of recent failures to show
Specify the number of most recent login failures to be shown to the user in the popup window displayed after logging in.
Authentication Method
Selects whether the MVCM user database or external program-based authentication is used.
Database
When checked, an internal database stored on the MVCM unit containing user names and encrypted passwords is used to store the user information. This is the default authentication method. If the Database method is selected, you must create and maintain the list of users by means of the Users page. Password policies set in the Account Policies page will apply.
Program
The program method allows the user to provide a program or script to validate user access. Contact BMC Software support for details on using this feature. If Program authentication is selected, you must upload a program or script. The selected program name will be displayed in the list box and used for authentication.
Delete
Permanently deletes the selected program shown in the list box.
Upload
Opens the Upload User Authentication Program page for you to select a program or a script to be used for authentication. More than one program can be uploaded; the selected program will be used for authentication the next time the Authentication server is started, if Program is selected.
Download
Allows you to download the selected program to your computer.
Test
Opens the Program Authentication Test page for you to interactively test the program or script selected in the pull-down menu. Useful for testing changes and troubleshooting problems if they occur.
LDAP/Active Directory
When selected, performs an LDAP authentication according to the specified configuration. See the separate LDAP topic for more information.
Options for Program and LDAP Authentication
These options are available when authentication is set to either Program or LDAP.
Try Database if Program or LDAP returns connection failure
If the authentication method returns a connection failure (indicating it was unable to make a network connection to the external authentication source), then use the internal MVCM user database for password verification. Intended as an emergency backup if you frequently experience network difficulties authenticating externally. Users must be added to the internal database, and they must know the passwords entered for them in the database. It is recommended that you also disable automatic account management in the Account Policies section so that local user names do not get disabled or deleted.
Use Database for Privileges
Use the access roles contained in the internal database after a successful authentication is reported by the authentication method. This allows the method to be used to check the user name and password, while configuring privileges such as CCS Administrator or Read Only in the internal database. Users must be added to the internal database, but their password is not used.
Use Database for Command Suppression Groups
Use the command suppression groups contained in the internal database after a successful authentication by the authentication method. This allows the method to be used to check the user name and password, while configuring the command suppression group in the internal database. Users must be added to the internal database, but their password is not used.
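The decision flow implied by the first two options, as an added Python sketch that is not BMC code: the internal database is consulted for the password only when the external method reports a connection failure, never when it rejects the credentials. All names here (Result, LOCAL_DB, login, the sample back ends) are hypothetical, and denying a user who is missing from the internal database when roles come from it is an assumption the page does not state.

```python
import hmac
from enum import Enum

class Result(Enum):
    ACCEPT = "accept"
    REJECT = "reject"
    CONNECTION_FAILURE = "connection_failure"

# Constructed sample of the internal database: user -> (password, role).
# The real store holds encrypted passwords; plaintext keeps the sketch short.
LOCAL_DB = {
    "alice": ("local-pw-1", "CCS Administrator"),
    "bob": ("local-pw-2", "Read Only"),
}

def login(user, password, external, try_db_on_conn_failure=False,
          use_db_for_privileges=False, external_role="Read Only"):
    """Return (granted, role, source) for one login attempt."""
    result = external(user, password)
    entry = LOCAL_DB.get(user)
    if result is Result.CONNECTION_FAILURE:
        # Only a connection failure may fall back; a reject never does.
        if not try_db_on_conn_failure:
            return (False, None, "external-unreachable")
        if entry is None or not hmac.compare_digest(
                entry[0].encode(), password.encode()):
            return (False, None, "database-fallback")
        return (True, entry[1], "database-fallback")
    if result is Result.REJECT:
        return (False, None, "external")
    # External method accepted the user name and password.
    if use_db_for_privileges:
        if entry is None:
            # Assumption: no internal record means no role, so deny.
            return (False, None, "external")
        # The locally stored password is not consulted on this path.
        return (True, entry[1], "external+database-roles")
    return (True, external_role, "external")

# Constructed stand-ins for a Program or LDAP back end.
def ext_down(user, password):
    return Result.CONNECTION_FAILURE

def ext_up(user, password):
    return Result.ACCEPT if password == "dir-pw" else Result.REJECT
```

With the fallback enabled, every account in the internal database becomes a valid credential whenever the external source is unreachable, so the fallback logins are worth watching for in the user access log.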
Apply
Saves the configuration. If the Authentication Server is running, it must be stopped and restarted before any changes take effect.
Start
The Start button will be enabled if the Authentication server is stopped; clicking on it will start the server.
Stop
The Stop button will be enabled if the Authentication Server is running; clicking on it will stop the server.