Enter a title for easy identification.
The network you select gets associated with the authentication record.
Tell us the user account to be used for authentication on the target hosts. Include 1-31 characters.
Want to use a vault to fetch the password? Tell us if the password should be fetched from the vault (Yes) or not (No). Select YES and tell us the vault type and the vault title.
Skip Password - Select this option if your login account does not have a password.
Clear Text Password - Select this option if your password should be transmitted in clear text when connecting to services which do not support strong password encryption.
When a private-key certificate is specified, the service authenticates the target hosts using the specified credentials.
--You can add one or multiple private keys (RSA, DSA, ECDSA, ED25519) and certificates (X.509 and OpenSSH).
--If you add multiple private-key certificates, you can easily drag and drop the items to change the sequence of the private-key certificates.
--You can opt to get password from vault, add vault user passphrase, and get passphrase from vault.
When a root delegation tool is specified, the service authenticates the target hosts using a lower privileged account and performs scan tests using the elevated privileges of the superuser (root).
--You can add one or multiple root delegation tools (Sudo, Pismu, PowerBroker).
--You can opt to get password from vault, add vault user passphrase, and get passphrase from vault.
--If you add multiple root delegation tools, you can easily drag and drop the items to change the sequence of the root delegation tools.
Tell us the ports to be used to authenticate the target hosts and the service automatically performs compliance scanning using the specified port.
Select Well Knows Ports option if you want us to scan the standard or default ports (22 (SSH), 23 (telnet) and 513 (rlogin)) on the target hosts during authentication.
If services (SSH, telnet, rlogin) are not running on well-known ports for the hosts you will be scanning, then you must define a custom ports list.
Tell us the path where the unique host ID, assigned by Qualys, should be stored on the host (provided you enable agentless tracking).
Add IP addresses to your Unix record. These are the target hosts our service will authenticate to at scan time. You can select a combination of asset groups and IPs/ranges. When you enter asset groups, we'll add all the IPs in the asset groups.
These are the target hosts our service will authenticate to at scan time. First choose the type of assets you want to add to this record and then specify IPs or tags. When tags are specified, we'll resolve them to IP addresses at scan launch time.
Specify the realm discovery method.
Specify the name of the realm that a user belongs to.
Specify the KDC (Key Distribution Center) that is responsible for authenticating users and issuing ticket-granting tickets (TGTs) in the user realm.
If a user wants to access a service that is part of a different realm, specify the name of the realm that the service belongs to.
Specify the KDC (Key Distribution Center) that manages authentication for the service in its realm.
Want to use a vault to fetch the password? Select 'Vault based' and then specify the vault type and the vault title.
Add Comments
Your comments are saved in the authentication record.