XAC: Why is XUA UAGROUP required if Safeguard PRIV-LOGON flag is set on.

XAC: Why is XUA UAGROUP required if Safeguard PRIV-LOGON flag is set on.

When the XUA SEEP is enabled, Safeguard delegates all logon processing to XUA.  XUA requires the SAFEGUARD_PRIVLOGON to be set to ON to allow a password-less logon when all criteria are met.
 

Safeguard passes the bit from user_authenticate_ that indicates the requesting progam wants to do a safeguard-privlogon.  In addition without that rule, programs that try to use the safeguard_privlogon mode of user authentication are denied. 

For further information refer to the XYGATEAC and XYGATEUA manual for a complete description on the SAFEGUARD_PRIVLOGON keyword.

If this article did not provide a solution, please open a case with our support team by sending an email message to support@xypro.com.

    • Related Articles

    • XUA: How do I test Safeguard PRIV-LOGON functionality in EXPLAIN mode?

      PRIV-LOGON "what-if" testing may be used if one or more of the following requestors are involved The XYGATEAC object $SYSTEM.SYSTEM.NETBATCH $SYSTEM.ZSSH.SSH2 $SYSTEM.ZSSH.STN $SYSTEM.ZSSH.SFTPSERV $SYSTEM.ZSSH.ELP Any other program requiring ...
    • XUA: How to enable UAGROUP SAFEGUARD-PRIVLOGON

      As of Netbatch SPR T9190AER NetBatch now supports SAFEGUARD Security-Group privileges. Safeguard PRIV-LOGON functionality available beginning with Safeguard releases H06.11 and G06.32. The from_user must be $EVERYONE or $EVERYONE-NET as the NETBATCH ...
    • XAC: How to add SAFEGUARD_PRIVLOGON for an XAC command.

      If the USER_SWITCH is present in both ACCONF and ACACL files, then the value in XAC COMMAND entry in ACACL file will overrule the ACCONF. Add USER_SWITCH SAFEGUARD_PRIVLOGON to the XAC command. In order to use the SAFEGUARD_PRIVLOGON option, create a ...
    • XAC: What Happens To XYGATE/AC (XAC) If Safeguard Fails Or Stops Working?

      Any XAC command that is configured with the keyword and setting "USER_SWITCH SAFEGUARD_PRIVLOGON" would be impacted with Safeguard down. A workaround would be to have an alternate XAC command that does not use the Safeguard PRIV-LOGON function for ...
    • XAC: How to configure keystroke auditing for OSS SSH sessions

      Use the following steps to configure XAC auditing for SSH. Add the XAC command. The XAC command requires the following keywords to be included. USER_IGNORED START_LOGGED_ON USER_SWITCH SAFEGUARD_PRIVLOGON Note: If XYGATE User Authentication (XUA) is ...