Deployment Solution 481
Deployment Agent Authentication
The authentication process starts with the Deployment Solution installer generating a
security key and writing it in the server.key file. You can find the security key at the
following location:
HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Altiris eXpress > Options >
Security > ServerSecurity registry key.
This security key is a random numeric value that is generated automatically. When the
Deployment Server starts, the server reads this registry key.
The AClient has to add the automatically generated security key to the AClient registry
by specifying the server.key file path.
To specify the server.key file path
1. Click Start > Program > Altiris > Deployment Solution > Configuration >
Options > Authentication > Add Key.
2. Select the Server.key file and click Open.
Note:
The AClient also has to select the Enable key based authentication check box in
Start > Program > Altiris > Deployment Solution > Configuration > Options >
Transport tab. If this option is not selected, server authentication fails.
The Deployment Server stores the security key at the following location:
HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Client Service >
DSAuthentication
The AClient stores the security key at the following location:
HKEY_LOCAL_MACHINE > SOFTWARE > Altiris > Client Service > SecurityKey
A random challenge key is generated, which is unique to the AClient. The AClient
encrypts this challenge key and stores the challenge key in the registry using the
security key.
The AClient sends the following connection request to the server in the form of Cipher
Tex t.
Request=Authenticate
CipherText=…
The Deployment Server uses the ServerSecurity key stored in its registry and decrypts
the Cipher Text. Using the same key, the server again encrypts the challenge key and
sends the following reply in the form of Cipher Text.
Reply=Authenticate
CipherText=…
The AClient decrypts the Cipher Text using the challenge key already stored in its
registry. It compares the decrypted Cipher Text with the random key it has generated.
If the two keys match, the server authenticates the AClient connection. If the keys do
not match, the authentication fails. The connection is closed and the AClient status is
updated to Server Authentication failed.
The keys stored on the Server and at the AClient are the same. These keys, however,
look different because they are altered using random bytes, and are encrypted using a
constant key. The Cipher text sent on the wire also looks different in request
To Next Page
Loading...