Instead of a fixed password, SecurID combines two factors to create a dynamically changing password. SecurID issues a credit card sized device called an authenticator that has an LCD window that displays a randomly generated string of numbers called a token code that changes every minute. The user also has a personal identification number (PIN). When the user logs in, he enters a user name and the current token code plus his PIN.
SecurID Authentication Device (Authenticator):
A SecurID Ace server supports the following types of users and authentication features:
Auth users
L2TP users (user authentication; L2TP user receives default L2TP settings from the security device)
XAuth users (user authentication; no support for remote setting assignments)
Admin users (user authentication; admin user receives default privilege assignment of read-write)
At present, a SecurID ACE server cannot assign L2TP or XAuth remote settings or admin privileges, although you can use a SecurID server to store L2TP, XAuth, and admin user accounts for authentication purposes. SecurID also does not provide user group support.
For more information on the SecurID type of server, refer to the Concepts & Examples ScreenOS Reference Guide available on the documentation CD that shipped with your Juniper Networks product and also on the Juniper Networks documentation site.