Operating System User Authentication

User name and password authentication can be done using the operating system to authenticate the user. When operating system authentication is used and a security domain requestor first tries to connect to a metaspace, TIBCO ActiveSpaces prompts the user to enter their:

  • Login domain name (on Windows systems)
  • Login user name
  • Login password

For example, suppose you normally log in to Windows using “AcmeInc\brady” for your domain and user names and “abc123” for your password. You should enter:

  • “AcmeInc” when prompted for the domain
  • “brady” when prompted for the user name
  • “abc123” when prompted for the password

The logon information entered is passed to the security domain controller, which tries to perform user authentication with the operating system.

When operating system based user authentication is configured:

  • Pluggable Authentication Modules (PAM) is used on UNIX and Linux systems
  • NTLM/Kerberos is used on Windows systems

To configure the security policy file to perform user name and password authentication using the operating system, set the authentication setting as follows:

authentication=userpwd;source=system;service=login;hint=<message to display to user>

The service setting specifies the operating system application to use for authentication. Currently this setting is ignored for Windows and is only used for UNIX systems. Specifying service=login causes the UNIX “login” system access application to be used to authenticate security domain requestor users. You can use the service setting to redirect PAM authentication requests to other local authentication applications.
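
Because the service setting decides which PAM configuration handles the request, it is worth confirming that the named service actually has a PAM configuration on the host. The following check is an added example, not part of the TIBCO documentation or product. It assumes the setting is a single line of ';'-separated key=value fields as shown above, and that PAM service files live in one directory (/etc/pam.d by default). The service name "as-auth" is a constructed sample.

```python
import os
import tempfile

def parse_auth_setting(line):
    """Split 'authentication=userpwd;source=system;...' into a dict.
    Assumes ';' separates fields and the first '=' splits key from value."""
    fields = {}
    for part in line.strip().split(";"):
        key, sep, value = part.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"malformed field: {part!r}")
        fields[key.strip().lower()] = value.strip()
    return fields

def audit_auth_setting(line, pam_dir="/etc/pam.d"):
    """Return findings for an operating system userpwd setting on UNIX/Linux."""
    fields = parse_auth_setting(line)
    if fields.get("authentication") != "userpwd" or fields.get("source") != "system":
        return ["not an operating system userpwd setting; nothing to check"]
    service = fields.get("service", "")
    findings = []
    if not service:
        findings.append("no service named in the setting")
    elif os.path.basename(service) != service or service.startswith("."):
        # A PAM service is a bare name, never a path.
        findings.append(f"service {service!r} is not a plain PAM service name")
    elif not os.path.isfile(os.path.join(pam_dir, service)):
        # Linux-PAM applies the 'other' service when no file matches the name.
        findings.append(f"no {pam_dir}/{service}; PAM would fall back to 'other'")
    return findings

if __name__ == "__main__":
    # Constructed PAM directory holding only a 'login' service file.
    with tempfile.TemporaryDirectory() as pam_dir:
        open(os.path.join(pam_dir, "login"), "w").close()
        for setting in (
            "authentication=userpwd;source=system;service=login;hint=Enter OS login",
            "authentication=userpwd;source=system;service=as-auth;hint=Enter OS login",
        ):
            print(setting, "->", audit_auth_setting(setting, pam_dir) or "ok")
```

Run it on the security domain controller host, since that is where the authentication against the operating system is performed.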