Use the External Authentication tab to specify values for parameters necessary for AR System to authenticate users with external systems.
To set external authentication parameters
1 Open the server window.
2 Select a server to administer.
3 Choose File > Server Information.
4 Click the External Authentication tab.
Figure 5-11: Server Information window—External Authentication tab
5 Edit the options, as needed:
Group Name / Field Name / Description
External Authentication Server RPC Program Number
Enables an external authentication (AREA) server. The RPC program number for the plug-in service is 390695. Entering no value or zero (0) disables authentication using an AREA service, and the AR System server will access the operating system for authentication purposes.
Note: You must have an AREA server built and prepared before you set the RPC Socket number here. See the C API Reference guide for information.
For more information about how to set up an external authentication server, see “Configuring a server to use plug-ins” on page 197. For information about configuring an AREA LDAP plug-in, see the Integrating with Plug-ins and Third-Party Products guide.
External Authentication Server Timeout (seconds)
RPC
Sets the time limit (in seconds) within which the plug-in server must respond to the AR System server when making external authentication (AREA) calls before an error is returned.
If this is set to zero (0), the AR System server uses the default of 30 seconds.
Need To Sync
Sets the interval for periodically invoking the AREA server’s AREANeedToSyncCallback() call. If this option is set to zero (0), the AR System server does not invoke the call to the external authentication server. The default is 300 seconds.
For more information about the external authentication server, see “Configuring a server to use plug-ins” on page 197, and the C API Reference guide.
Authenticate Unregistered Users
Defines how AR System validates a user who has no record in the User form.
When a user logs in to AR System, the server attempts to validate the user against registered users (users who are listed in the User form). If a match is found, that user definition and the permissions specified in the matching User record are used. If no match is found, AR System continues to attempt to validate the user or stops the validation process depending on whether this option is selected. If the check box is:
Selected, and External Authentication is not configured—
(Default on UNIX servers) On a UNIX server, AR System searches the /etc/passwd file or NIS password map for a match. If a match is found, the user is considered a valid user (not a guest) of the system. The UNIX group specification from the file or NIS is retrieved, and the user is considered a member of the AR System group whose Group ID matches the UNIX group.
On a Windows server, AR System authenticates against the default domain. The optional authentication string entered by the user when logging in is used as the Windows domain name for authentication purposes.
On Windows servers, the user is considered a member of the group whose Group ID is 0.
Selected, and External Authentication is configured—
AR System sends a request to the external authentication server to authenticate the user. If a match is found, the user is considered a valid user (not a guest user) of the system. For more information, see “Configuring a server to use plug-ins” on page 197.
The authentication string entered by the user when logging in is passed to the external authenticator for its use.
Cleared—(Default on Windows servers) AR System stops the validation process and manages the user as a guest user if Allow Guest Users is enabled.
For information about configuring external authentication, see “To set server ports and queues” on page 149.
Ignore Excess Groups
Enables AR System to authenticate a user when any single LDAP group to which the user belongs matches an AR System group.
Cross Ref Blank Password
Defines how AR System authenticates a user whose User form record has no password. When a user logs in, AR System searches its own database for that user. If the user has a password, the system uses it. If the Password field is empty, and the check box is:
Selected—AR System attempts to validate the password against one of the following items:
An external authenticator if one is configured
The password in the Windows server domain
The UNIX server’s /etc/passwd file
Cleared—(Default) AR System concludes that an empty password field means that the user has no password.
In the Login window, users will see an Authentication field. If your AR System server is running on Windows, the contents of this field are used as a domain name when the server authenticates the user with the operating system. If the server is instead configured to use an external authenticator, the contents of this field are passed to the authenticator. See “Setting up an authentication alias” on page 116 for more information about authentication aliases.
Authentication Chaining Mode
Specifies the order in which the different authentication processes are tried at login.
Default—Disables authentication chaining.
ARS - AREA—AR System attempts to authenticate the user using the User form, and then the AREA plug-in.
AREA - ARS—AR System attempts to authenticate the user using the AREA plug-in, and then the User form.
ARS - OS - AREA—AR System attempts to authenticate the user using the User form, then Windows or UNIX authentication, and then the AREA plug-in.
ARS - AREA - OS—AR System attempts to authenticate the user using the User form, then the AREA plug-in, and then Windows or UNIX authentication.
Group Mapping
In previous releases of AR System, the names of LDAP groups had to match the names of AR System groups for a user to be authenticated. With AR System 7.0, you can map LDAP groups to AR System groups. You use the Group Mapping table on the External Authentication tab in the Server Information window to map LDAP groups to AR System groups.
LDAP Group Name
The name of the LDAP group you want to map to the AR group in the same row of the Group Mapping table.
AR Group Name
The name of the AR group you want to map to the LDAP group in the same row of the Group Mapping table.
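The rules described above for Authenticate Unregistered Users, Cross Ref Blank Password, and Authentication Chaining Mode can be checked against a planned set of values before they are applied. The following Python model is an added example, not BMC code or part of the original guide; the ExtAuthTab fields and the function names are hypothetical, and it assumes that a configured AREA server takes precedence over the operating system for blank passwords as it does for unregistered users.

```python
from typing import NamedTuple

# Chaining modes and the order they try authenticators, as listed on this page.
CHAIN_ORDER = {
    "Default": [],  # chaining disabled
    "ARS - AREA": ["User form", "AREA"],
    "AREA - ARS": ["AREA", "User form"],
    "ARS - OS - AREA": ["User form", "OS", "AREA"],
    "ARS - AREA - OS": ["User form", "AREA", "OS"],
}

class ExtAuthTab(NamedTuple):
    """Constructed model of the tab; field names are not AR System identifiers."""
    rpc_program_number: int = 0   # blank or 0 disables AREA; the plug-in service is 390695
    authenticate_unregistered: bool = False
    cross_ref_blank_password: bool = False
    allow_guest_users: bool = False
    chaining_mode: str = "Default"
    platform: str = "unix"        # "unix" or "windows"

def fallback(tab):
    # Page rule for unregistered users; assumed to hold for blank passwords too.
    return "AREA" if tab.rpc_program_number else f"OS ({tab.platform})"

def unregistered_user_path(tab):
    """Who validates a login that has no record in the User form."""
    if not tab.authenticate_unregistered:
        return "guest user" if tab.allow_guest_users else "validation stops"
    return fallback(tab)

def blank_password_path(tab):
    """Who validates a User form record whose Password field is empty."""
    if not tab.cross_ref_blank_password:
        return "nobody (treated as having no password)"
    return fallback(tab)

def review(tab):
    """Return the points a reviewer would raise for these settings."""
    findings = []
    if unregistered_user_path(tab).startswith("OS"):
        findings.append("OS accounts with no User record become valid users")
    if unregistered_user_path(tab) == "guest user":
        findings.append("unknown logins are admitted as guest users")
    if not tab.cross_ref_blank_password:
        findings.append("User records with an empty Password field have no password")
    if "AREA" in CHAIN_ORDER[tab.chaining_mode] and not tab.rpc_program_number:
        findings.append("chaining mode includes AREA but no AREA server is enabled")
    return findings
```

Calling review() with the values planned for a server lists which logins would be decided outside the User form.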