Configure CA SiteMinder to Allow SSH Connections to the Reflection for Secure IT Server

  • 7022098
  • 14-Mar-2008
  • 02-Mar-2018

Environment

Reflection for Secure IT UNIX Server version 7.0
Reflection for Secure IT UNIX Client version 7.0
Reflection for Secure IT Windows Client version 7.0

Situation

CA SiteMinder is a web access management system that controls passwords and authentication to web applications. This technical note explains how to configure CA SiteMinder to allow access to users connecting to the Reflection for Secure IT UNIX Server using SSH.

Resolution

Configuring CA SiteMinder

Follow the steps below to configure SiteMinder to allow SSH connections to the Reflection for Secure IT UNIX Server by creating a LOGINAPPL entry in eTrust Access Control for the SSH daemon.

  1. On the UNIX server, locate the path for sshd2. By default, the path is /usr/sbin/sshd2.
  2. Run the selang administration utility to invoke the command shell, for example, /opt/AC/eTrustAccessControl/bin/selang.
  3. At the selang prompt, enter the following command (all on one line):

     newres LOGINAPPL SSH2 defacc(x) audit(failure) owner(nobody) loginpath(/usr/sbin/sshd2) loginflags(none) loginmethod(normal) loginsequence(sgrp,suid)

  4. If there are no errors after entering the new LOGINAPPL, enter the following command at the selang prompt to verify that the new entry exists:

     sr loginappl ssh2

  5. Stop and restart the eTrust Access Control services.

Verify the Setting

Once the eTrust Access Control services have been restarted, follow these steps to verify that the changes to LOGINAPPL have been made active.

  1. Using SSH, connect to the host where eTrust Access Control is installed.
  2. Once connected, at the command prompt enter sewhoami -a.

The host reply should show your correct user name and terminal details.

Additional Information

Legacy KB ID

This article was originally published as Attachmate Technical Note 2303.