Authentication identifies members of a trusted computing base, based on the credentials provided.
Members of a trusted computing base are as follows:
Primarily, these are homogeneous security principals from the current operating system, for example Windows users (Active Directory domain users or local users), UNIX LDAP users, or UNIX local users.
Computers that are part of a trusted computing base, such as Windows NT, can be identified and authenticated. Theoretically, UNIX computers could also be identified, as they too are part of a trusted computing base with which a trust relationship can be established.
Different information is used to authenticate a user or machine, as follows.
Different applications have differing requirements for authentication. If possible, unified logon is used, that is, the user's current credentials are used implicitly rather than prompting the user for explicit credentials.
However, in some cases these credentials are not valid for the resource being accessed, or special operations may require reauthentication. When unified logon is not used or the credentials are not valid, a GUI application can prompt for credentials whenever they are required, whereas a command-line application running in batch mode fails and records an authentication error.
If you are using an LDAP security provider to authenticate users against a directory, make sure that any login credentials you specify are valid for the target directory and are fully specified. For Active Directory, use the full LDAP DN, for example:
CN=user,OU=Users,OU=myOU,DC=mydomain,DC=com
When using external generic LDAP directories for authentication, access rights must be given directly to the authenticating objects, as group membership cannot be directly evaluated. This does not apply to Active Directory.
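The following check, added here as an illustration and not taken from the CA documentation, parses an RFC 4514 DN and rejects bind credentials that are not fully specified in the way described above; it also shows why, with a generic LDAP provider, grants must name the authenticating object itself. The function names, the `provider` values and the ACL layout are assumptions for the example.

```python
"""Validate LDAP bind DNs and evaluate access rights for an LDAP security
provider. Example code, not part of the CA product; names are assumed."""
from typing import Dict, Iterable, List, Set, Tuple


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split an RFC 4514 DN into (attribute, value) pairs, honouring
    backslash escapes so 'CN=Smith\\, John,DC=x' keeps its escaped comma."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):      # keep escape pair intact
            buf.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":                           # unescaped comma ends an RDN
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf))
    out = []
    for rdn in rdns:
        if "=" not in rdn:
            raise ValueError(f"malformed RDN: {rdn!r}")
        attr, value = rdn.split("=", 1)
        out.append((attr.strip().upper(), value.strip()))
    return out


def is_fully_specified_ad_dn(dn: str) -> bool:
    """True only for a leaf object (CN) under at least one DC component,
    e.g. CN=user,OU=Users,OU=myOU,DC=mydomain,DC=com. A bare account name
    or a DOMAIN\\user string is rejected, as the directory cannot bind it."""
    try:
        parts = parse_dn(dn)
    except ValueError:
        return False
    if not parts or parts[0][0] != "CN" or not parts[0][1]:
        return False
    return any(attr == "DC" for attr, _ in parts[1:])   # domain spelled out


def effective_rights(acl: Dict[str, Iterable[str]], subject_dn: str,
                     member_of: Iterable[str], provider: str) -> Set[str]:
    """Rights the bound subject can use. Group grants are expanded only for
    an Active Directory provider; a generic LDAP provider (assumed value
    'generic') cannot evaluate membership, so only direct grants count."""
    rights = set(acl.get(subject_dn, ()))
    if provider == "ad":
        for group in member_of:
            rights |= set(acl.get(group, ()))
    return rights
```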
Copyright © 2014 CA Technologies.
All rights reserved.