2.10 Configuration to Enable the Authentication Agent Chain

The Authentication Agent allows you to authenticate on one computer, where all the devices required for authentication are connected, to get authorized access to another computer or z/OS mainframe, where one of the following conditions is true:

  • It is not possible to redirect the authentication devices.

  • It does not support devices that are used for authentication.

The Authentication Agent can be installed only on a Windows computer.

You must select Authentication Agent in the Chains list of the Linux Client to initiate the authentication process on the Windows computer where the Authentication Agent is installed.

To enable the Authentication Agent chain in the Linux Client, perform the following steps:

  1. Navigate to /opt/pam_aucore/etc/ and open the pam_aucore.conf file.

  2. Specify authentication_agent_enabled = true in the configuration file.

    If the configuration file does not exist, you must create it.

  3. Click Save.

  4. Restart your computer.
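
Steps 1 and 2 scripted so they can be repeated safely across hosts, as an added example that is not part of the product documentation. It assumes pam_aucore.conf holds one key = value setting per line; the function names are hypothetical, and the restart in step 4 is still required afterward.

```shell
#!/bin/sh
# Added example: idempotently enable the Authentication Agent chain.
# Assumption: pam_aucore.conf holds one "key = value" setting per line.
KEY=authentication_agent_enabled

# Succeeds only if the last assignment of the key in the file is "true".
agent_chain_enabled() {
    [ -f "$1" ] || return 1
    val=$(sed -n "s/^[[:space:]]*$KEY[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1)
    [ "$val" = "true" ]
}

# Sets the key to true in the given file, creating the file if needed.
enable_agent_chain() {
    conf=$1
    if [ ! -f "$conf" ]; then
        mkdir -p "$(dirname "$conf")"
        ( umask 022; : > "$conf" )      # step 2: create the file if it is missing
    fi
    agent_chain_enabled "$conf" && return 0   # already enabled, leave untouched
    tmp=$(mktemp) || return 1
    # Drop any existing assignment of the key, then append the wanted one.
    grep -v "^[[:space:]]*$KEY[[:space:]]*=" "$conf" > "$tmp" || true
    printf '%s = true\n' "$KEY" >> "$tmp"
    cat "$tmp" > "$conf"                # overwrite in place, keeping owner and mode
    rm -f "$tmp"
}

# Demo on a constructed file; on a real host pass /opt/pam_aucore/etc/pam_aucore.conf
demo=$(mktemp -d)/pam_aucore.conf
printf 'authentication_agent_enabled = false\n' > "$demo"
enable_agent_chain "$demo" && agent_chain_enabled "$demo" && echo "chain enabled in $demo"
```

Because the file decides which authentication chains the PAM client offers, keep it writable by root only and review changes to it like any other login configuration.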

An Example Scenario of Using the Authentication Agent

This scenario describes how you can perform authentication on a Windows computer and auto-sign in to a Linux computer using the Authentication Agent.

Mark uses SSH to access a Linux computer. However, the devices required for authentication, such as a FIDO U2F token and card reader, are not supported in SSH. He cannot authenticate to the Linux computer because it is not possible to redirect the authentication devices. In this case, Mark can use the Authentication Agent to perform authentication on a Windows computer and get seamless access to the Linux computer.

Consider the following setup:

  • The Windows computer has the Authentication Agent installed and is connected to the devices used for authentication, such as a FIDO U2F token and card reader.

  • The Linux computer has the Authentication Agent chain enabled using the config.properties file and is not connected to the authentication devices.

The following sequence describes the authentication process using the Authentication Agent:

  1. Specify the user name and the chain number corresponding to the Authentication Agent chain on the Linux computer.

  2. The Authentication Agent on the Windows computer launches a restricted browser.

  3. Select the preferred chain to log in to the Linux computer in the restricted browser.

  4. Perform the authentication using the FIDO U2F token and card reader in the restricted browser.

    Mark is logged in to the Linux computer automatically.