■
On the host computer, open pcAnywhere and configure a host connection item
to use SecurID authentication.
For more information, see the Symantec pcAnywhere User's Guide.
When a remote user attempts to connect to a host computer that uses SecurID
authentication, the user is prompted for authentication credentials which include
a PIN number, logon name, and passcode.
The host computer handles the data requests between the remote computer and
the RSA ACE/Agent, which is installed on the host computer. The RSA ACE/Agent
handles the data requests between the host computer and the RSA ACE/Server.
If the tokencode that is provided by the remote user is out of sync with the server
clock or appears to be compromised, the user is prompted for another tokencode.
This Next Tokencode is generated by the SecurID authenticator. The remote user
must wait for this tokencode before continuing.
Note:
To use RSA SecurID authentication, the host and remote computers must
be running Symantec pcAnywhere 11.0.x or later.
Using Microsoft Windows-based authentication types
Table 6-1
includes information about the authentication types available for
Microsoft Windows-based platforms.
Table 6-1
Microsoft Windows-based authentication types
Implementation in
pcAnywhere
Explanation
Microsoft Windows-based
authentication types
Users can browse an ADS
tree for user or group
names.
Validates a user or group
by checking a list stored
in an Active Directory
Service.
ADS (Active Directory Server) (For
Windows 2000 only)
Users must log on to the
LDAP server, and then
they can browse for user
names.
Validates a user or group
by checking a user list
stored in a Lightweight
Directory Access Protocol
(LDAP) 3.0-compliant
directory service.
Microsoft LDAP
Users on Windows NT can
browse a domain list for
user or group names.
Validates a user or group
by checking a workstation
or user domain list.
NT (For Windows 2000/2003
Server/XP/Vista)
Managing security in Symantec pcAnywhere
Controlling access to pcAnywhere hosts
92