Secure Global Desktop Administration Guide > Users and authentication > Login authorities
A login authority provides two services:
Each login authority has its own rules for determining the identity and the login profile.
Secure Global Desktop has the following login authorities:
Login authority | Description |
---|---|
Anonymous user | |
Authentication token | Note: This login authority cannot be used with the classic webtop. |
ENS | |
NT | |
LDAP | |
Active Directory | |
UNIX Group | |
UNIX User | |
SecurID | |
When a user logs in, the enabled login authorities are tried in the order they are listed in Array Manager (the same as the table above). The first login authority that authenticates a user "wins" and no further login authorities are tried.
Secure Global Desktop Administrators can enable and disable each login authority independently. You can configure login authorities either in Array Manager using the Secure Global Desktop Login panel or by using the tarantella config command. Secure Global Desktop server authentication is configured array-wide.
A successful authentication by a login authority results in an identity or fully qualified name. An identity is a TFN name assigned by a login authority and is the Secure Global Desktop idea of who a user is. The identity is associated with the user's webtop session, their emulator sessions and their entries in the application server password cache.
The identity is not necessarily the name of a person object in ENS. For example, the UNIX User login authority assigns identities in the .../_user namespace. This is because it authenticates against the UNIX/Linux user database.
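The first-match rule and the identity it produces can be modelled as follows. This is an added example, not Secure Global Desktop code: the password tables, the `password_store` helper and the `<ldap-identity>` namespace are constructed placeholders, and only the authority order and the `.../_user` namespace come from this page.

```python
import hmac
from typing import Callable, Dict, Iterator, List, Optional, Set, Tuple

# Order in which the page says the enabled login authorities are tried.
ORDER = ["Anonymous user", "Authentication token", "ENS", "NT", "LDAP",
         "Active Directory", "UNIX Group", "UNIX User", "SecurID"]

Backend = Callable[[str, str], Optional[str]]  # returns an identity or None

def password_store(creds: Dict[str, str], namespace: str) -> Backend:
    """Hypothetical stand-in for an authority: a constructed password table."""
    def check(user: str, password: str) -> Optional[str]:
        stored = creds.get(user)
        if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
            return f"{namespace}/{user}"
        return None
    return check

def attempts(user: str, password: str, enabled: Set[str],
             backends: Dict[str, Backend]) -> Iterator[Tuple[str, str]]:
    """Lazily yield (authority, identity) for each enabled authority that accepts."""
    for name in ORDER:
        if name in enabled and name in backends:
            identity = backends[name](user, password)
            if identity is not None:
                yield name, identity

def resolve(user, password, enabled, backends) -> Optional[Tuple[str, str]]:
    """First authority to authenticate wins; iteration stops there."""
    return next(attempts(user, password, enabled, backends), None)

def shadowed(user, password, enabled, backends) -> List[str]:
    """Audit helper: authorities that would also accept but are never reached."""
    return [name for name, _ in list(attempts(user, password, enabled, backends))[1:]]

# Constructed sample data: alice has the same password in two stores.
# "<ldap-identity>" is a placeholder, not the real LDAP identity format.
BACKENDS = {
    "LDAP": password_store({"alice": "s3cret"}, "<ldap-identity>"),
    "UNIX User": password_store({"alice": "s3cret", "bob": "hunter2"}, ".../_user"),
}

if __name__ == "__main__":
    both = {"LDAP", "UNIX User"}
    print(resolve("alice", "s3cret", both, BACKENDS))
    print(shadowed("alice", "s3cret", both, BACKENDS))
    print(resolve("alice", "s3cret", {"UNIX User"}, BACKENDS))
```

In this model, disabling the earlier authority does not lock the user out. It gives the same person a different identity, and with it a different set of sessions and password cache entries.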
A user's webtop content and other Secure Global Desktop-specific settings are controlled by a login profile. Each login authority has its own set of rules for determining the login profile. Login profiles are always objects in ENS (this is why they are sometimes called ENS equivalents). A login profile can be a standard person object or a profile object stored in the Tarantella System Objects organization.
For example, although the UNIX Group login authority assigns identities in the .../_user namespace, the login profile is always the profile object .../_ens/o=Tarantella System Objects/cn=UNIX User Profile.
To allow you to monitor sessions from Object Manager, all webtop and emulator sessions are shown on the Sessions tab for login profiles, not for identities. This is because Object Manager only lets you search and browse ENS and many identities are in other namespaces.
Copyright © 1997-2006 Sun Microsystems, Inc. All rights reserved.