login about faq


Suppose we wrap a Java application which uses Tectia ConnectSecure API, as a NT service. I wanted to get an idea if the service will run without problems(settings will be "Log on as:"=> Local System Account). How will the User/Server authentication work in this case ?. I mean what settings should be changed in broker so that it can store/view the keys?.


asked Sep 20 '11 at 15:22

nitin's gravatar image


Tectia clients were not designed to be used in special system accounts, but in general it is possible to use them there, I believe including the APIs. It will not be as easy to setup as for normal user, but it is possible. LocalSystem account (sometimes called as SYSTEM) does not allow for any interaction, that is where the difficulty comes from.

  • First the broker probably needs to be started separately as a service running in system account. See good instruction e.g. here.
  • Then you will have to setup manually the hostkeys of servers where the service will be connecting to in the SYTEM account’s %USERPROFILE% directory, or you can also use broker’s configuration option <auth-server-publickey policy="tofu"/>, which will make broker to automatically accept the hostkeys on new servers on first use. If the host key changes later (for example by man inserting in the middle attack) the connection would fail (which is desired). For more see this link in manual. Hostkeys of SYSTEM account are stored here:


  • And you will have to manually generate and store the keys for public key authentication in to appropriate location:


Broker configuration file location of SYSTEM account is:


In case you use 64 bit Windows all the above locations are actually starting with:


Note: the path to SYSTEM account's profile directory above are valid for Windows Vista and onwards (including the server versions 2008 and onwards). See the first link for paths on older systems.


answered Sep 20 '11 at 22:27

Martin%20Dobsik's gravatar image

Martin Dobsik

edited Sep 21 '11 at 10:39

Thanks very much for your details.

(Sep 21 '11 at 11:39) nitin nitin's gravatar image
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: Sep 20 '11 at 15:22

Seen: 3,643 times

Last updated: Sep 21 '11 at 12:25

All user contributed content licensed under the cc-by-sa license.
Powered by OSQA.