Environment
Reflection for Secure IT UNIX Server version 7.0
Reflection for Secure IT UNIX Client version 7.0
Reflection for Secure IT Windows Client version 7.0
Situation
CA SiteMinder is a web access management system that controls passwords
and authentication to web applications. This technical note explains
how to configure CA SiteMinder to allow access to users connecting to
the Reflection for Secure IT UNIX Server using SSH.
Resolution
Configuring CA SiteMinder
Follow the steps below to configure SiteMinder to allow SSH connections to the Reflection for Secure IT UNIX Server by creating a LOGINAPPL in eTrustAccessControl for the SSH daemon.
- On the UNIX server, locate the path for sshd2. By default, the path is /usr/sbin/sshd2.
- Run the selang administration utility to invoke the command shell, for example, /opt/AC/eTrustAccessControl/bin/selang.
- At the selang prompt, enter the following command (all on one line):
newres LOGINAPPL SSH2 defacc(x) audit(failure) owner(nobody) loginpath(/usr/sbin/sshd2) loginflags(none) loginmethod(normal) loginsequence(sgrp,suid)
- If there are no errors after entering the new LOGINAPPL, enter the following command at the selang prompt to verify that the new entry exists:
sr loginappl ssh2
- Stop and restart the eTrust Access Control services.
Verify the Setting
Once the eTrust Access Control services have been restarted, follow these steps to verify that the changes to LOGINAPPL have been made active.
- Using SSH, connect to the host where eTrust Access Control is installed.
- Once connected, at the command prompt enter sewhoami -a.
The host reply should show your correct user name and terminal details.