3.77. <AuthBy SAFEWORD>

This clause authenticates users from a local or remote SafeWord PremierAccess (SPA) server. SafeWord PremierAccess and tokens are available in Secure Computing website Opens in new window. It supports PAP, CHAP, TTLS-PAP, EAP-OTP and EAP-GTC. It supports password changing, fixed (static) passwords and Safe- Word Silver and Gold tokens.
Only the first authenticator configured into SPA for the user will be used by Radiator to authenticate the user. The second and subsequent authenticators configured for a user will be ignored.
Note
In order to support CHAP, the user must have a fixed password profile with ‘case sensitive password’ enabled in the SafeWord server.
Note
A user can changed their fixed password at any time by entering their current and new passwords in a special format. The password change will only succeed if the old password is correct, and the two copies of the new password are identical and conform to the password length and other constraints configured into SPA for the user's fixed password authenticator.
oldpassword\cnewpassword,newpassword
<AuthBy SAFEWORD> understands also the same parameters as <AuthBy xxxxxx>. For more information, see Section 3.32. <AuthBy xxxxxx>.

3.77.1. Host

This parameter specifies the name or address of the SafeWord PremierAccess server to connect to. The connection will be made with SSL. Defaults to ‘localhost’.

3.77.2. Port

This parameter specifies the port name or number to connect to on Host. Defaults to 5031, the default SafeWord EASSP2 port.

3.77.3. SSLVersion

This optional parameter specifies SSL/TLS protocol version(s) to use when connection to the server. For further information, see Perl IO::Socket::SSL module documentation for SSL_version. The default value and supported versions depend on the IO::Socket::SSL, Net::SSLeay and OpenSSL version available on your system.
Here is an example of using SSLVersion:
SSLVersion TLSv1_2

3.77.4. SSLCipherList

This optional parameter specifies ciphers for SSL/TLS to use when connection to the server. For further information, see Perl IO::Socket::SSL module documentation for SSL_cipher_list. The default value and supported versions depend on the IO::Socket::SSL, Net::SSLeay and OpenSSL version available on your system.
Here is an example of using SSLCipherList:
SSLCipherList DEFAULT:!EXPORT:!LOW

3.77.5. SSLVerify, SSLCAFile, SSLCAPath, SSLCAClientCert, SSLCAClientKey, SSLCAClientKeyPassword

These parameters are used to control the SSL connection to the SafeWord server. They behave as described in “<AuthBy IMAP>”, see Section 3.59. <AuthBy IMAP>.