TCC_2

Core Issue

In security engineering, a nonce is a number used once. It is often a random number issued in an authentication protocol to ensure that old communication cannot be reused in replay attacks. The nonce-lifetime is global and is not specific to each device.

By default, the EP nonce-lifetime is configured to 60 minutes. This means that the first message sent after the 60-minute period has elapsed gets a 407 challenge from the EP.
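To show why the first message after the lifetime elapses is challenged again, here is an added Python example of a time-limited nonce check; it is not Cisco's code or the EP's implementation. The HMAC-signed nonce format, the server secret and all function names are assumptions, since the page does not describe how the EP builds its nonces.

```python
import hashlib
import hmac
import secrets

# Assumptions: constructed secret, nonce format and helper names.
# Verification of the client's credentials is omitted; only nonce age is shown.
SERVER_SECRET = secrets.token_bytes(32)
NONCE_LIFETIME = 60 * 60  # seconds; the 60-minute default from the page


def _sign(issued_at: int, salt: str) -> str:
    msg = f"{issued_at}:{salt}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_nonce(now: int) -> str:
    """Return a nonce that carries its issue time, protected by an HMAC."""
    salt = secrets.token_hex(8)
    return f"{now}:{salt}:{_sign(now, salt)}"


def check_nonce(nonce: str, now: int, lifetime: int = NONCE_LIFETIME) -> str:
    """Classify a presented nonce as 'ok', 'stale' or 'invalid'."""
    try:
        issued_str, salt, sig = nonce.split(":")
        issued_at = int(issued_str)
    except ValueError:
        return "invalid"
    expected = _sign(issued_at, salt)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return "invalid"  # altered or forged nonce
    if issued_at > now or now - issued_at > lifetime:
        return "stale"    # lifetime exceeded: the client must be challenged
    return "ok"


def handle_request(nonce, now: int, lifetime: int = NONCE_LIFETIME):
    """Return (status, nonce): 200 keeps the nonce, 407 issues a new one."""
    if nonce is not None and check_nonce(nonce, now, lifetime) == "ok":
        return 200, nonce
    return 407, issue_nonce(now)


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    _, n = handle_request(None, t0)               # first contact: challenged
    print(handle_request(n, t0 + 600)[0])         # within the lifetime
    print(handle_request(n, t0 + 3601)[0])        # first message after 60 min
    print(handle_request(n, t0 + 3601, 7200)[0])  # same message, 2 h lifetime
```

A longer lifetime means fewer 407 round trips, but a captured request also stays acceptable for that much longer.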

Resolution

The nonce-lifetime can be configured only via a script, not via the CLI.

Complete these steps to change the nonce-lifetime to a longer period of time:

  1. As dsuser, log in to the machines where the EP is located.

  2. cd to the EP INSTALL_DIR/scripts directory.

  3. Edit the script called dsedge_auth.xcl with the new value.

    For example:

    dsuser$ vi dsedge_auth.xcl

    ce-lifetime="$nonce-lifetime">

  4. For the changes to take effect, execute one of these steps:

  • Telnet to the EP CLI, and issue a commit with a new version number. A commit always forces the server to read the xcl scripts from the disk again.

    For example:

  dsedge>commit ["-v"]

  dsedge>commit -v nonce

  • Restart the EP.
