In addition to executing API calls, PSRUN also provides authentication factors to the server. These factors assist in verifying the client's identity.
When PSRUN executes an API call, it sends these factors as part of the header. On the server, the received factors are verified via user-configured PSRUN rules. If there are no rules, no validation takes place, and the server sends back the requested API response.
For each rule, the received factors are checked against the rule's expected values. If a rule fails, the next rule is attempted. If a rule passes, the factors are considered valid.
Additionally, a unique signature is sent by PSRUN. If the factors pass the rule and signature verification is enabled, the server recomputes the signature and attempts to match it with the one sent by the client. If the signatures match, the signature is considered verified. Signature verification is an extra check to ensure the client and server are in sync so that out-of-date clients will not be authenticated.
The list of accepted PSRUN factors can be specified in BeyondInsight:
- IP address
- MAC address
- System name
- Domain name
- User ID
- Root volume ID
- OS version
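
The rule evaluation described above can be modelled as follows. This is an added example, not BeyondTrust code. The factor key names, the `Rule` class, and the `evaluate` and `audit` functions are hypothetical. `server_sig` stands in for the value the server recomputes, since the page does not describe how the signature is derived. Rejecting a call when every rule fails is also an assumption.

```python
import hmac
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    expected: dict  # factor name -> expected value (key names are hypothetical)

def evaluate(rules, factors, client_sig="", server_sig="", verify_signature=False):
    """Return (allowed, reason) for one API call."""
    if not rules:
        # Page: with no rules, no validation takes place and the call is served.
        return True, "no rules configured; factors not validated"
    for rule in rules:
        # Assumption: a rule passes when every factor it lists matches.
        if all(factors.get(k) == v for k, v in rule.expected.items()):
            if verify_signature and not hmac.compare_digest(client_sig, server_sig):
                # Assumption: a signature mismatch rejects the call outright.
                return False, f"{rule.name}: signature mismatch"
            return True, f"{rule.name}: factors valid"
        # Rule failed: fall through to the next rule.
    # Assumption: the call is rejected when every rule fails.
    return False, "no rule matched"

def audit(rules):
    """Flag configurations that leave factor checking ineffective."""
    if not rules:
        return ["no rules: every caller skips factor validation"]
    # In this model a rule with no expected values matches any client.
    return [f"{r.name}: lists no factors, so it passes for any client"
            for r in rules if not r.expected]

# Constructed sample data, not taken from a real deployment.
RULES = [
    Rule("build-agent", {"ip_address": "10.0.0.5", "system_name": "build01"}),
    Rule("ops-laptop", {"user_id": "svc_ops", "os_version": "10.0.19045"}),
]
SENT = {"ip_address": "10.0.0.9", "system_name": "build01",
        "user_id": "svc_ops", "os_version": "10.0.19045"}

if __name__ == "__main__":
    print(evaluate(RULES, SENT))   # first rule fails on IP, second passes
    print(evaluate([], SENT))      # empty rule list: served without checks
    print(evaluate(RULES, SENT, "aa11", "bb22", verify_signature=True))
    print(audit([]))
```

Because rules are tried in order until one passes, a client only has to satisfy the loosest rule in the list, and an empty list validates nothing.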