FootPrints supports the following methods of password verification for FootPrints users:
FootPrints authentication (default)
LDAP authentication
Windows NT/2000 authentication (Windows NT/2000 only)
UNIX authentication (UNIX only)
The authentication method is selected under Administration | System | Users | Authentication on the FootPrints Toolbar. This option is for password authentication only; user accounts must still be created for all users. This is a system-wide option, so the same authentication method must be used for ALL users, including Customers.
There are a variety of ways to add users to the system:
Administrators:
♦ Manually from the Administration | Project | Users | Add Agents option.
Agent Users:
♦ Manually from the Administration | Project | Users | Add Agents option.
♦ Agents can be imported from a text file; see Administration | System | User Management.
Customers:
♦ Manually from the Administration | Project | Users | Add Customers option.
♦ Auto Added to FootPrints from the network password file (if NT/2000, LDAP or UNIX authentication is enabled). See the “Auto Add Customers” option under System Administration.
♦ Customers can create their own unique accounts and passwords (if FootPrints authentication is enabled). This option is available on the “Auto Add Customers” screen only if FootPrints authentication is enabled.
♦ If unique IDs and passwords are not required for customers, a single shared ID and password can be created for all Customers. Customers then identify themselves by a single unique key (the primary key), such as “Email address”. If an external authentication method is selected, the shared ID must exist in the network password file.
Authentication Methods
FootPrints Authentication (default)
When FootPrints authentication is selected, the FootPrints password file is checked when a user logs in.
Windows NT/2000 Authentication
When NT/2000 Authentication is selected, the NT/2000 domain password file is used to authenticate a user’s password.
To configure NT/2000 Authentication:
1. Select “Windows NT” from the “Change Authentication Technique” drop-down list.
2. Fill in the NT domain name in the box provided. Multiple domains can be added; each must be entered on a separate line.
3. Enter your Windows network password and click “GO”.
4. Your ID and password will be checked against the domain password file. If either the ID or password isn’t found, you will receive an error message, and the change to NT authentication will not be made.
Remember, the network ID and FootPrints ID for every user in FootPrints must be identical. For example, if the user’s NT/2000 domain ID is “jsmith”, her FootPrints ID must also be “jsmith”. This must be the case for all Agent and Administrator users. If you do not require unique IDs and passwords for your employee customers or external customers, you can create a shared ID for all Customer users. That shared ID must still be present in the network password file. Please see the section above for more information about how Customer accounts can be created in FootPrints.
LDAP Authentication
When LDAP authentication is selected, the LDAP server password file is used to authenticate a user’s password.
To configure LDAP Authentication:
1. Select “LDAP” from the “Change Authentication Technique” drop-down list.
2. Enter the LDAP Server Name.
3. Enter the LDAP Server Port (389 is the standard port).
4. Enter the LDAP Base DN. This is the search base for user IDs (uid). An example is: ou=people,o=server.com
5. If multiple DNs exist, enter each on a separate line. They will be searched in order for authentication from top to bottom.
6. Optionally enter login information to allow Authentication, including Distinguished Name and Password. This can be left blank if the LDAP server allows anonymous binding.
7. Enter your FootPrints password and click “GO”.
8. Your ID and password will be checked against the LDAP password file. If either the ID or password isn’t found, you will receive an error message, and the change to LDAP authentication will not be made.
Remember, the LDAP ID and FootPrints ID for every user in FootPrints must be identical. For example, if the user’s LDAP ID is “bjones”, his FootPrints ID must also be “bjones”. This must be the case for all Agent and Administrator users. If you do not require unique IDs and passwords for your employee customers or external customers, you can create a shared ID for all Customer users. That shared ID must still be present in the LDAP password file. Please see the section above for more information about how Customer accounts can be created in FootPrints.
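When several Base DNs are configured, the top-to-bottom search order decides which directory entry a user ID resolves to. The following added example (not FootPrints code) models that order over a constructed directory and reports user IDs that exist under more than one Base DN; the function names, the sample directory, and the rule that the first match is the one used are assumptions.

```python
# Added example (not FootPrints code). Assumes the first Base DN that holds a
# matching uid decides which entry's password is checked.

# Constructed sample: the "LDAP Base DN" box, one DN per line, top to bottom.
BASE_DNS_TEXT = """ou=people,o=server.com

ou=contractors,o=server.com
"""

# Constructed sample directory: entry DN -> uid attribute value.
DIRECTORY = {
    "uid=bjones,ou=people,o=server.com": "bjones",
    "uid=bjones,ou=contractors,o=server.com": "bjones",
    "uid=jsmith,ou=contractors,o=server.com": "jsmith",
    "uid=ebennet,ou=staff,o=server.com": "ebennet",  # outside both bases
}

def parse_base_dns(text):
    """Return the configured Base DNs in order, ignoring blank lines."""
    return [line.strip() for line in text.splitlines() if line.strip()]

def matches_under(base_dn, uid, directory):
    """DNs below base_dn whose uid equals uid (uid matching ignores case)."""
    # Simplification: DNs are compared as lower-cased strings, not parsed RDNs.
    suffix = "," + base_dn.lower()
    return sorted(dn for dn, entry_uid in directory.items()
                  if dn.lower().endswith(suffix) and entry_uid.lower() == uid.lower())

def resolve(uid, base_dns, directory):
    """All entries for uid in search order; index 0 is the one that is used."""
    ordered = []
    for base in base_dns:
        for dn in matches_under(base, uid, directory):
            if dn not in ordered:  # nested bases can return the same entry twice
                ordered.append(dn)
    return ordered

def shadowed_uids(base_dns, directory):
    """Map each ambiguous uid to (entry that wins, entries that never match)."""
    report = {}
    for uid in sorted({value.lower() for value in directory.values()}):
        hits = resolve(uid, base_dns, directory)
        if len(hits) > 1:
            report[uid] = (hits[0], hits[1:])
    return report

if __name__ == "__main__":
    bases = parse_base_dns(BASE_DNS_TEXT)
    for uid, (winner, hidden) in shadowed_uids(bases, DIRECTORY).items():
        print(f"{uid}: authenticates as {winner}; shadowed: {hidden}")
```

An empty result from `resolve` means the user ID lies outside every configured Base DN and would fail to authenticate after the switch.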
FootPrints Reference Manual
UNIX Authentication
When UNIX authentication is selected, the UNIX password file is used to authenticate a user’s password. This option is only available if FootPrints is installed on a UNIX or Linux server.
To configure UNIX password authentication:
1. Select “UNIX Authentication” from the “Change Authentication Technique” drop-down list.
2. Enter your FootPrints password and click “GO”.
3. Your ID and password will be checked against the UNIX password file. If either the ID or password isn’t found, you will receive an error message, and the change to UNIX authentication will not be made.
No other information needs to be defined; FootPrints will automatically find the UNIX password file for the system. Remember, the UNIX ID and FootPrints ID for every user in FootPrints must be identical. For example, if the user’s UNIX ID is “ebennet”, her FootPrints ID must also be “ebennet”. This must be the case for all Agent and Administrator users. If you do not require unique IDs and passwords for your employee customers or external customers, you can create a shared ID for all Customer users. That shared ID must still be present in the UNIX password file. Please see the section above for more information about how Customer accounts can be created in FootPrints.
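Because every FootPrints ID must be identical to an ID in the external password source, it is worth reconciling the two lists before switching methods. The following added example (not FootPrints code) does this for UNIX authentication against passwd(5)-format text; the list of FootPrints IDs, the sample passwd content, the function names, and the reading of "identical" as an exact, case-sensitive match are assumptions.

```python
# Added example (not FootPrints code): find FootPrints IDs that would fail to
# log in after switching to UNIX authentication. All sample data is constructed.

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
ebennet:x:1001:1001:E. Bennet:/home/ebennet:/bin/bash
Bjones:x:1002:1002:B. Jones:/home/bjones:/bin/bash
customer:x:1003:1003:Shared customer ID:/home/customer:/bin/false
"""

# Constructed list of FootPrints IDs, including the shared Customer ID.
SAMPLE_IDS = ["ebennet", "bjones", "jsmith", "customer"]

def passwd_logins(passwd_text):
    """Return the set of login names found in passwd(5)-format text."""
    logins = set()
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) == 7 and fields[0]:  # passwd(5) entries have seven fields
            logins.add(fields[0])
    return logins

def reconcile(footprints_ids, passwd_text):
    """Classify each FootPrints ID as ok, case_mismatch or missing."""
    logins = passwd_logins(passwd_text)
    by_lower = {}
    for name in logins:
        by_lower.setdefault(name.lower(), []).append(name)
    report = {"ok": [], "case_mismatch": {}, "missing": []}
    for fp_id in footprints_ids:
        if fp_id in logins:  # assumption: "identical" means an exact match
            report["ok"].append(fp_id)
        elif fp_id.lower() in by_lower:
            # Same name with different case: close, but not identical.
            report["case_mismatch"][fp_id] = sorted(by_lower[fp_id.lower()])
        else:
            report["missing"].append(fp_id)
    return report

if __name__ == "__main__":
    for status, ids in reconcile(SAMPLE_IDS, SAMPLE_PASSWD).items():
        print(status, ids)
```

The same comparison applies to NT/2000 and LDAP authentication if the login names are exported from the domain or directory into a list.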
NOTE FOR ALL AUTHENTICATION METHODS: If Windows NT/2000, LDAP or UNIX authentication is chosen, new users are created in FootPrints, and then the authentication method is switched back to FootPrints, the users’ passwords will default to their user IDs. Users who were already added to FootPrints before switching to an alternative authentication method retain their original FootPrints passwords.