Authenticate Administrative Connections
Administrative connections, such as those created by the EMS Administration Tool and the EMS administrative API, are authenticated differently than client connections.
When establishing an administrative connection, local authentication is always attempted first, regardless of the authentication methods specified through user_auth. If the local authentication attempt fails, authentication will proceed as per the user_auth parameter.
It is recommended that users making administrative connections to the EMS server are not defined both locally (users.conf) and externally (in an external directory, or an OAuth 2.0 provider). Administrative users should only be defined in one place.
An exception is the default administrative user, admin, which is always defined locally by the EMS server. If the default administrative user is to be defined elsewhere and authenticated through jaas or oauth2 authentication methods, one can set an undisclosed password for the default administrative user in the EMS server's user configuration file (users.conf) so that local authentication of the admin user never succeeds, thus allowing the other authentication methods to be used instead.
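
The audit below is an added example, not part of the original documentation: it lists administrative users that exist both in users.conf and in an external source, and flags a locally defined admin whose password is empty when admin is meant to be authenticated externally. The users.conf line layout (name:password:"description", with # starting a comment), the function names and the sample data are assumptions constructed for illustration.

```python
# Added example: find admin accounts that local authentication could satisfy
# before the user_auth methods are consulted.
# Assumption: users.conf lines look like  name:password:"description".

def parse_local_users(users_conf_text):
    """Return {username: has_password} for each entry in users.conf text."""
    users = {}
    for raw in users_conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 2)
        name = parts[0].strip()
        password = parts[1].strip() if len(parts) > 1 else ""
        if name:
            users[name] = bool(password)
    return users

def audit_admin_users(users_conf_text, external_admins, default_admin="admin"):
    """Return sorted (username, finding) pairs for externally defined admins."""
    local = parse_local_users(users_conf_text)
    findings = []
    for name in sorted(set(external_admins)):
        if name not in local:
            continue  # defined in one place only
        if name != default_admin:
            findings.append((name, "DUAL_DEFINITION"))
        elif not local[name]:
            # An empty password is not an undisclosed one.
            findings.append((name, "DEFAULT_ADMIN_EMPTY_LOCAL_PASSWORD"))
        else:
            findings.append((name, "DEFAULT_ADMIN_CONFIRM_UNDISCLOSED_PASSWORD"))
    return findings

# Constructed sample input, not taken from a real server.
SAMPLE_USERS_CONF = """
# users.conf (constructed)
admin::"Administrator"
ops_alice:$1$constructedhash:"Local operator"
svc_monitor:$1$constructedhash:"Monitoring"
"""
SAMPLE_EXTERNAL_ADMINS = ["admin", "ops_alice", "bob_ldap"]

if __name__ == "__main__":
    for user, finding in audit_admin_users(SAMPLE_USERS_CONF, SAMPLE_EXTERNAL_ADMINS):
        print(f"{user}: {finding}")
```
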