Authenticate Administrative Connections
Administrative connections, such as those created by the EMS Administration Tool and the EMS administrative API, are authorized differently than client connections.
When establishing an administrative connection, local authentication is always attempted before JAAS authentication. If the local authentication attempt fails, JAAS authentication proceeds.
It is recommended that users making administrative connections to the EMS server are not defined in both the EMS server’s user configuration file and externally through JAAS. Administrative users should only be defined in one place.
An exception is the default administrative user, admin, which is always defined locally by the EMS server. If the default administrative user is to be defined elsewhere and authenticated through JAAS, one can set an undisclosed password for the default administrative user in the EMS server's user configuration file (users.conf) so that local authentication of the admin user never succeeds, thus allowing JAAS to handle authentication.