SOLVE/NetMaster MAI session using RSA Authentication/ Multi-Factor Authentication
Article ID: 207758
Updated On:
Products
Issue/Introduction
We would like to confirm a few things in regards to RSA Authentication with NetMaster.
1 - Which format does the user need to follow for entering the RSA passcode on the NetMaster signon screen?
2 - In order for NetMaster to use MFA, do the following parms have to be set in the NMDRVCTL DD RUNSYSIN member?
- SEC=any value except NO, for example, NMSAF
- XOPT=PWMIX
Environment
Release : 5.0
Component : CA SOLVE:Access Session Management
Resolution
Answer 1.
The format question is a question for your Security Team. The main thing from NetMaster side was to support passphrases which also caters for MFA tokens that can be >8 characters.
From the IBM User’s guide for MFA. Chapter 3 refers to TSO/E. Whatever works for TSO/E will work in SOLVE/NetMaster. It looks like the software generated token is the only value entered.
Answer 2.
All products have the same passphrase support which also enables use for MFA. SEC=NMSAF or SEC=NMSAFF must be used to accept credentials longer than 8 characters. XOPT=PWMIX is required. MFA values are typically entered 'as is'.
Please note: You must have the following PTF applied for SOLVE:Access Session Management to support password phrases and Multi-Factor Authentication (MFA).
RO94161,
RO94151,
RO94141,
RO94150,
RO94140,
RO94149
Recommend reviewing our CA NETMASTER SHARED CONTENT LIBRARY 12.1 documentation, Section Multi-Factor Authentication (MFA) Password Support:
https://techdocs.broadcom.com/us/en/ca-mainframe-software/performance-and-storage/ca-netmaster-shared-content-library/12-1/security/multi-factor-authentication-mfa-password-support.html
Feedback
