|Applies To||RSA ACE/Server 5.0.1 (no longer supported as of 8-15-2004)|
RSA ACE/Server 5.0.2 (no longer supported as of 8-15-2004)
RSA ACE/Server 5.0.3 (no longer supported as of 8-15-2004)
RSA ACE/Server 5.1 (no longer supported as of 7-14-2006)
Disable Open To All Locally Known Users (OTALKU) in ACE/Administration Agent Host definition
|Issue||How to configure cross realm authentication when agent hosts are not "open to all locally known users"|
How to configure cross realm where users home realm controls user activation to client on hub realm
All remote users on a Hub Realm will be disabled on an Agent Host if you uncheck OTALKU in that Agent Host definition
|Resolution||Directly activate existing Remote Users, or add them to a group and activate the group. Future Remote (Cross-Realm) Users will need to be created and activated manually on the Hub Realm.|
As an alternative solution, define the same Agent Host on the Home Realm for the Remote Users. Have the Administrator for the Home Realm activate the desired users or groups on the Agent Host of the Home Realm.
Then, uncheck OTALKU for the Agent Host definition in the Hub Realm, and have Search other realms for users turned on.
Select: Users -> Delete Users on the Hub Realm, and choose Delete All Remote Users.
NOTE: The Names used for the Agent Host Definition must be exactly the same in both Realms or you will receive the error message User Not On Agent Host. The name will force to whatever is defined in the hosts table of the ACE/Server system. Also, you must change the hosts table prior to changing the definition in the ACE/Server.
|Legacy Article ID||a15144|