Deployment Solution
Deployment Agent Authentication
The authentication process starts with the Deployment Solution installer generating a
security key and writing it in the server.key file. You can find the security key at the
following location:
HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Altiris eXpress > Options > Security > ServerSecurity registry key.
This security key is a random numeric value that is generated automatically. When the
Deployment Server starts, the server reads this registry key.
The AClient has to add the automatically generated security key to the AClient registry
by specifying the server.key file path.
To specify the server.key file path
1. Click Start > Program > Altiris > Deployment Solution > Configuration > Options > Authentication > Add Key.
2. Select the Server.key file and click Open.
Note: The AClient also has to select the Enable key based authentication check box in
Start > Program > Altiris > Deployment Solution > Configuration > Options > Transport
tab. If this option is not selected, server authentication fails.
The Deployment Server stores the security key at the following location:
HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Client Service > DSAuthentication
The AClient stores the security key at the following location:
HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Client Service > SecurityKey
A random challenge key is generated, which is unique to the AClient. The AClient
encrypts this challenge key and stores the challenge key in the registry using the
security key.
The AClient sends the following connection request to the server in the form of Cipher
Text.
Request=Authenticate
CipherText=…
The Deployment Server uses the ServerSecurity key stored in its registry and decrypts
the Cipher Text. Using the same key, the server again encrypts the challenge key and
sends the following reply in the form of Cipher Text.
Reply=Authenticate
CipherText=…
The AClient decrypts the Cipher Text using the challenge key already stored in its
registry. It compares the decrypted Cipher Text with the random key it has generated.
If the two keys match, the server authenticates the AClient connection. If the keys do
not match, the authentication fails. The connection is closed and the AClient status is
updated to Server Authentication failed.
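The exchange described above, sketched end to end as an added example; this is not Altiris code. The page does not name the cipher or the wire encoding, so the HMAC-SHA256 keystream, the per-message random nonce, the hex-encoded CipherText value and all function names are assumptions, and the shared security key is used for both directions.

```python
import hashlib
import hmac
import secrets

def _keystream(key, nonce, n):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode as a keystream.
    out = b""
    for counter in range((n + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def encrypt(key, plaintext):
    # Fresh random bytes per message, so equal plaintexts never look equal on the wire.
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, stream))

def decrypt(key, blob):
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def _fields(message):
    return dict(line.split("=", 1) for line in message.splitlines())

def client_request(security_key):
    # AClient: random per-connection challenge, sent encrypted under the shared key.
    challenge = secrets.token_bytes(16)
    return challenge, "Request=Authenticate\nCipherText=" + encrypt(security_key, challenge).hex()

def server_reply(server_key, request):
    # Deployment Server: decrypt the challenge, then re-encrypt it with the same key.
    fields = _fields(request)
    if fields.get("Request") != "Authenticate":
        raise ValueError("unexpected request")
    challenge = decrypt(server_key, bytes.fromhex(fields["CipherText"]))
    return "Reply=Authenticate\nCipherText=" + encrypt(server_key, challenge).hex()

def client_verify(security_key, challenge, reply):
    # AClient: accept only if the reply decrypts to the challenge it generated.
    fields = _fields(reply)
    if fields.get("Reply") != "Authenticate" or "CipherText" not in fields:
        return False
    recovered = decrypt(security_key, bytes.fromhex(fields["CipherText"]))
    return hmac.compare_digest(recovered, challenge)  # constant-time comparison

if __name__ == "__main__":
    shared = secrets.token_bytes(32)  # constructed key, stands in for the server.key value
    chal, req = client_request(shared)
    print(client_verify(shared, chal, server_reply(shared, req)))                   # matching keys
    print(client_verify(shared, chal, server_reply(secrets.token_bytes(32), req)))  # wrong server key
```

A server that does not hold the same key returns a reply that decrypts to a different value, which is the case the AClient reports as Server Authentication failed.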
The keys stored on the Server and at the AClient are the same. These keys, however,
look different because they are altered using random bytes, and are encrypted using a
constant key. The Cipher text sent on the wire also looks different in request