Chapter 4: Basic Administration Tasks
Configuring alternative group policies
63
To configure the alternative network topology, do the following:
1
On the computer in the DMZ running the SafeWord Agent, use the group
configuration window (refer to “Configuring the Authentication Policy” on
page 196) to force
all users to authenticate using SafeWord
. This will
forward ALL authentication requests to the SafeWord server.
2
On the computer inside the network running the SafeWord server, locate
the file
<Install_Dir>\SERVERS\Shared\sccservers.ini
.
3
Locate the line that starts with
#GroupsAuthenticationRequiredClass=securecomputing.yellows
tone...
4
Modify the line by removing the “#” sign from the beginning of that line.
5
Navigate to
<Install_Dir>\SERVERS\AAAServer\GroupDiscrimination.
6
Locate and open the HTML file called
ConfigureGroupPolicy.html
.
Figure 31:
Group
Discrimination
configuration page
7
Change the logging and authentication policies as needed. Refer to
“Configuring the Authentication Policy” on page 196 for additional
information.
8
Restart the SafeWord Authentication Engine service.
Note:
Please note that in this topology it is vital that your SafeWord Authentication
Engine service is up and running constantly; otherwise, neither the SafeWord nor
the non-SafeWord users will be able to log onto your system. The best way to
ensure this is to set up your system with multiple SafeWord servers, as described in
section “Replication” on page 205.