|Applies To||RSA ACE/Server|
Microsoft Windows NT 4.0
UNIX (AIX, HP-UX, Solaris)
Authentication via ACE/Server fails when using a NAS with Dialback (or callback).
|Issue||Dialback (or callback) fails with ACE/Server authentication|
|Cause||Normally, a NAS will cache the username and PASSCODE credentials before dialling back to the end-user. When the connection is re-made, the NAS will re-present the cached credentials for authentication. ACE/Server will reject the authentication attempt since any one PASSCODE can only be used once only. Note that authentication against a password held in the ACE/Server will work.|
|Resolution||Some NAS's can be reconfigured not to re-present the credentials for authentication.|
An alternative (and secure) solution to this issue is to use a toll-free number. Once the authentication is successful, the end-user will gain access immediately. This is more secure since the connection is the same one that was authenticated. If dialback were made to work without reauthentication (or using cached credentials), there is no guarantee that the new connection is to the same end point as the one that had made the call previously.
|Legacy Article ID||a3744|