SOLVE/NetMaster MAI session using RSA Authentication/ Multi-Factor Authentication

book

Article ID: 207758

calendar_today

Updated On:

Products

CA SOLVE: Access Session Management

Issue/Introduction

We would like to confirm a few things in regards to RSA Authentication with NetMaster.

1 - Which format does the user need to follow for entering the RSA passcode on the NetMaster signon screen?
2 - In order for NetMaster to use MFA, do the following parms have to be set in the NMDRVCTL DD RUNSYSIN member?

- SEC=any value except NO, for example, NMSAF

- XOPT=PWMIX

Environment

Release : 5.0

Component : CA SOLVE:Access Session Management

Resolution

Answer 1.

The format question is a question for your Security Team. The main thing from NetMaster side was to support passphrases which also caters for MFA tokens that can be >8 characters.

From the IBM User’s guide for MFA. Chapter 3 refers to TSO/E. Whatever works for TSO/E will work in SOLVE/NetMaster. It looks like the software generated token is the only value entered.

 

 

Answer 2.

All products have the same passphrase support which also enables use for MFA. SEC=NMSAF or SEC=NMSAFF must be used to accept credentials longer than 8 characters. XOPT=PWMIX is required. MFA values are typically entered 'as is'.

Please note: You must have the following PTF applied for SOLVE:Access Session Management to support password phrases and Multi-Factor Authentication (MFA).

RO94161,

RO94151,

RO94141,

RO94150,

RO94140,

RO94149

 

Recommend reviewing our CA NETMASTER SHARED CONTENT LIBRARY 12.1 documentation, Section Multi-Factor Authentication (MFA) Password Support:

https://techdocs.broadcom.com/us/en/ca-mainframe-software/performance-and-storage/ca-netmaster-shared-content-library/12-1/security/multi-factor-authentication-mfa-password-support.html