Accession Lite is started automatically when each user logs in; it acts as an authentication agent.[171] The GUI application provides the same functionality as the ssh-agent and ssh-add programs that are used on Unix systems.[172]
The easiest way to access the Accession Lite GUI, shown in Figure 16-5, is to double-click the icon in the tool tray on the taskbar. The Tectia Client and Connector applications also have icons and menus for Accession Lite. Normally, Accession Lite stops automatically when the user logs out (or the system is shut down), but if it needs to be stopped manually for some reason, use the File /Quit menu item.
The main Accession Lite window displays information about the loaded keys and a log of its operations in separate panes.
The toolbar icons or equivalent items in the Tools menu can be used to perform actions:
Add a key to the agent: a series of dialogs prompt for the filename and a passphrase.
Delete a selected key from the agent.
Lock or unlock a selected key: dialogs prompt for a passphrase.
Edit attributes for a selected key: this presents the Key Attributes page (Figure 16-6) of the Settings dialog, which can also be obtained via the Settings toolbar icon or the Edit/Settings menu item.
The default attributes apply to all of the keys, unless overridden for specific keys. Keys can be set to expire after a specified time, and can be limited to a maximum number of uses. Forwarding can be restricted to a limited number of hops, or more
generally according to a constraint string, which uses the same syntax as the ssh-add -F option. [6.3.3]
A short alias can be assigned to each key; these are optionally displayed by the GUI instead of the more verbose descriptions according to settings on the Appearance page.
"Enable key compatibility" means that SSH-1 keys can be used by SSH-2 clients, and vice versa. Support for SSH-1 and SSH-2 client connections is controlled independently by checkboxes on the Compatibility page.
If "Confirm key operations" is checked, then the agent prompts for each use of the key. "Test private key" requires the agent to verify that the certificate corresponds to the key whenever it is used.
The Compatibility page allows a single key to be loaded automatically when Accession Lite starts. To load an entire collection of keys automatically, use the Key Providers page and add the Software provider. This emulates a smart card by monitoring a specified folder, and automatically adding or deleting keys in the agent as they are created or removed from the folder.
The Log page allows the transaction log that is displayed in the log pane of the main window to be saved to a file.
By default, all configuration settings are saved automatically; this can be disabled by a setting on the Appearance page. The File/Save Configuration menu item is used to manually record configuration changes.