The new AuthRsaAce plug-in uses a Java API provided by RSA. This API determines which files to use and how to log are based on settings in a rsa_api.properties file. By default the rsa_api.properties file is located in the <base_dir>/run/ace directory where <base_dir> is the directory 8950 AAA was installed in. The location of the rsa_api.properties file can be changed by setting the AuthRsaAce-ConfigPath property of the AuthRsaAce plug-in.
The following table describes the key-value settings in the properties file.
| IP Override | ||
| Key | Description | Acceptable Values |
|
RSA_AGENT_HOST |
Indicates the IP address of the Agent Host in the RSA Authentication Manager database. |
Any valid IP address. Note: Specify a local IP address in case the Agent Host has multiple IP addresses. |
| Refresh Interval | ||
| Key | Description | Acceptable Values |
|
RSA_CONFIG_READ_INTERVAL |
Indicates the interval of time in seconds that separates each reloading of the configuration file. |
0-86400 (24 hours) The default is 600 seconds. |
| Server Configuration | ||
| Key | Description | Acceptable Values |
|
SDCONF_TYPE |
Indicates the data type of the RSA Authentication Manager
configuration file, or sdconf.rec.
|
The data type is always FILE. |
|
SDCONF_LOC |
Indicates the path to the RSA Authentication Manager configuration
file, or sdconf.rec.
|
The applicable path. For example: /var/ace/api/sdconf.rec or C:\\WINDOWS\\system32\\sdconf.rec |
| Server Status | ||
| Key | Description | Acceptable Values |
|
SDSTATUS _TYPE |
Indicates the data type of the RSA Authentication Manager server status file. |
The data type is always FILE. |
|
SDSTATUS_LOC |
Indicates the path to the RSA Authentication Manager server status file. |
The applicable path. For example: /var/ace/api/JAStatus.1 or C:\\WINDOWS\\system32\\JAStatus.1 |
| Optional Configuration | ||
| Key | Description | Acceptable Values |
|
SDOPTS _TYPE |
Indicates the data type of the RSA Authentication Manager optional configuration file. |
The data type is always FILE. |
|
SDOPTS_LOC |
Indicates the path to the RSA Authentication Manager optional configuration file.
|
The applicable path. For example: /usr/ace/api/sdopts.rec or C:\\WINDOWS\\system32\\sdopts.rec |
| Node Secret | ||
| Key | Description | Acceptable Values |
|
SDNDSCRT _TYPE |
Indicates the data type of the RSA Authentication Manager node secret file. |
The data type is always FILE. |
|
SDNDSCRT_LOC |
Indicates the path to the RSA Authentication Manager node secret file. |
The applicable path. For example: /var/adm/ace/api/securid or C:\\WINDOWS\\system32\\securid |
| Event Log | ||
| Key | Description | Acceptable Values |
|
RSA_LOG_TO_CONSOLE |
If NO, event logs are not sent. Valid only if RSA_LOG_LEVEL is not set to OFF. |
YES or NO The default is NO. |
|
RSA_LOG_TO_FILE |
If set to YES, event logs are sent to the log file specified by RSA_LOG_FILE. If No, event logs are not sent. Valid only if RSA_LOG_LEVEL is not set to OFF. |
YES or NO The default is YES. |
|
RSA_LOG_FILE |
Indicates the path to the log file. Valid only if RSA_LOG_TO_FILE is set to YES. |
The applicable path. For example: /var/ace/api/my_api_events.log or C:\\WINDOWS\\system32\\my_api_events.log |
|
RSA_LOG_LEVEL |
Indicates the minimum log level. Events below this level are not logged. |
OFF, DEBUG, INFO, WARN, ERROR, or FATAL The default is INFO. |
| Debug Trace | ||
| Key | Description | Acceptable Values |
|
RSA_ENABLE_DEBUG |
If YES, debug tracing is enabled. If NO, debug tracing is disabled. |
YES or NO The default is NO. |
|
RSA_ DEBUG _TO_CONSOLE |
If YES, debug traces are sent to the console. If NO, debug traces are not sent. Valid only if RSA_ENABLE_DEBUG is set to YES. |
YES or NO The default is NO. |
|
RSA_ DEBUG _TO_FILE |
If YES, debug traces are sent to the file specified by RSA_DEBUG_FILE. If NO, debug traces are not sent. Valid only if RSA_ENABLE_DEBUG is set to YES. |
YES or NO The default is YES. |
|
RSA_ DEBUG _FILE |
Indicates the path to the debug trace file. Valid only if RSA_ENABLE_DEBUG is set to YES. |
The applicable path. For example: /usr/ace/api/my_api_debug.log or C:\\WINDOWS\\system32\\my_api_debug.log |
|
RSA_ DEBUG _ENTRY |
If YES, function entries are traced. If NO, function entries are not traced. Valid only if RSA_ENABLE_DEBUG is set to YES. |
YES or NO The default is NO. |
|
RSA_ DEBUG _EXIT |
If YES, function exits are traced. If NO, function exits are not traced. Valid only if RSA_ENABLE_DEBUG is set to YES. |
YES or NO The default is NO. |
|
RSA_ DEBUG _FLOW |
If YES, flow statements are traced. If NO, flow statements are not traced. Valid only if RSA_ENABLE_DEBUG is set to YES. |
YES or NO The default is NO. |
|
RSA_ DEBUG _NORMAL |
If YES, regular statements are traced. If NO, regular statements are not traced. Valid only if RSA_ENABLE_DEBUG is set to YES. |
YES or NO The default is NO. |
|
RSA_ DEBUG _LOCATION |
If YES, class name and line number are displayed in the trace. If NO, class name and line number are not displayed in the trace. Valid only if RSA_ENABLE_DEBUG is set to YES. |
YES or NO The default is NO. |