To establish a connection between an agent and an InTrust server, you should log on to the computer where the agent is installed using an administrative account (Microsoft Windows computers) or the root account (Unix computers) and run one of the following commands:
adcscm.nt_intel -add ServerName Port [password]
for Microsoft Windows computers
./adcscm -add ServerName Port [password]
for Unix computers
where:
To disconnect the agent from the InTrust server, on the target computer run:
adcscm.nt_intel -remove ServerName Port
for Microsoft Windows computers
./adcscm -remove ServerName Port
for Unix computers
To find out which InTrust server or servers an agent responds to, log on to the computer where the agent is installed using an administrative account (Microsoft Windows computers) or the root account (Unix computers) and run one of the following commands:
adcscm.nt_intel -list
for Microsoft Windows computers
./adcscm -list
for Unix computers
The output should look similar to the following:
Name: 10.30.39.254
Port: 900
Name: s8050-w2k3.testorg.local
Port: 900
Name: gz.testorg.local
Port: 900
Name: 10.30.46.108
Port: 900
on Microsoft Windows computers
Name: 10.30.37.49
Port: 900
Name: 10.30.37.128
Port: 900
on Unix computers
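As an added example (not part of the original documentation or the vendor's tooling), the following shell functions parse the Name/Port output shown above and report any InTrust server that is not on an approved list, a quick check that an agent responds only to the servers you expect. The function names and the allowlist file format are assumptions of this example.

```shell
#!/bin/sh
# Added example (not vendor code): flag InTrust servers an agent responds to
# that are missing from an approved list. Input is the "Name:/Port:" output
# format shown above; the allowlist file format (one "name:port" per line,
# "#" comments allowed) is an assumption of this example.

# parse_servers: read `adcscm -list` output on stdin, print "name:port" lines.
parse_servers() {
    awk '
        { gsub(/\r/, "") }    # tolerate CRLF output captured on Windows
        /^[ \t]*Name:/ { sub(/^[ \t]*Name:[ \t]*/, ""); sub(/[ \t]+$/, "")
                         name = tolower($0); next }
        /^[ \t]*Port:/ { sub(/^[ \t]*Port:[ \t]*/, ""); sub(/[ \t]+$/, "")
                         if (name != "") print name ":" $0
                         name = "" }
    '
}

# unexpected_servers ALLOWLIST: print parsed entries absent from ALLOWLIST.
# Returns 0 when every server is approved, 1 when at least one is not.
unexpected_servers() {
    parse_servers | awk -v allow="$1" '
        BEGIN { while ((getline line < allow) > 0) {
                    sub(/#.*/, "", line); gsub(/[ \t\r]/, "", line)
                    if (line != "") ok[tolower(line)] = 1 } }
        !($0 in ok) { print; bad = 1 }
        END { exit bad }
    '
}

# Demo on constructed data: the Unix sample output above, with only one
# of the two servers approved.
sample_list() {
    printf 'Name: 10.30.37.49\nPort: 900\nName: 10.30.37.128\nPort: 900\n'
}
demo() {
    allow=$(mktemp) || return 2
    printf '# approved InTrust servers (constructed)\n10.30.37.49:900\n' > "$allow"
    sample_list | unexpected_servers "$allow"; rc=$?
    rm -f "$allow"
    return $rc
}
demo || echo "agent responds to servers outside the approved list" >&2
```

On a Unix agent host, the same check runs as `./adcscm -list | unexpected_servers /path/to/allowlist`, where the allowlist path is a placeholder.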
The authentication process is two-sided (both server-side and agent-side) and based on the Diffie-Hellman (DH) protocol. In addition to authenticating clients to the server securely, the DH exchange produces a cryptographically strong symmetric key as a byproduct of successful authentication, which enables the two parties to communicate steadily. After initial authentication succeeds, the authentication password is automatically changed every week to secure communication between the server and agents. The symmetric key is changed every hour.
For manually installed agents, you first have to specify the password on the server. By default, this is the organization password you specified during setup. The authentication mechanism uses this password only when establishing the connection for the first time; after that, the password is changed regularly.
If you want to use a password other than the default, take the following steps:
adcscm.nt_intel -add ServerName Port Password
./adcscm -add ServerName Port Password
You can choose to encrypt the data communicated between the agent and the server (encryption uses 3DES with a 168-bit key). By default, encryption is enabled.
To enable or disable encryption manually