
Overview of AREA authentication

To authenticate users, AR System can use internal (User form) authentication, external authentication, or a combination of the two. If you use a combination, you can specify the order in which each type of authentication is attempted.

Configuring authentication processing:

About the AREA LDAP plug-in


AR System includes a sample AREA LDAP plug-in. It is installed during installation of the AR System server if you select the AREA LDAP Directory Service Authentication plug-in option. If you did not select this option during the original installation, you can install the plug-in by rerunning the AR System server installer and selecting the plug-in option.

Note: To use external authentication, you must set the External Authentication Server RPC Program Number field to 390695.

To use external authentication, select one of the following options in the EA tab in the AR System Administration: Server Information form:

- Authenticate Unregistered Users
- Cross Reference Blank Password

Authenticating unregistered users

When the Authenticate Unregistered Users option is selected, AR System first attempts to find the user in the User form. If the user exists in the User form, AR System attempts authentication through that form. If the user does not exist in the User form, AR System attempts authentication through the AREA plug-in.

Cross-referencing blank passwords

When the Cross Reference Blank Password option is selected, AR System attempts to authenticate through the User form if the user provides a password. If the user and password match a record in the User form, the user passes authentication. If the user does not provide a password, AR System attempts to cross-reference the user with an external system through the AREA plug-in.

Specifying authentication chaining mode

Mode: Description

Off: Disables authentication chaining.

ARS - AREA: AR System attempts to authenticate the user by using the User form and then the AREA plug-in.

AREA - ARS: AR System attempts to authenticate the user by using the AREA plug-in and then the User form.

ARS - OS - AREA: AR System attempts to authenticate the user by using the User form, then Windows or UNIX authentication, and then the AREA plug-in.

ARS - AREA - OS: AR System attempts to authenticate the user by using the User form, then the AREA plug-in, and then Windows or UNIX authentication.

Determining AREA behaviour

Several factors affect how AR System authenticates users, including these:

- Whether Authenticate Unregistered Users is selected
- Whether Cross Reference Blank Password is selected
- The value of the External Authentication Server RPC Program Number field
- Whether the user exists in the User form and, if so, whether a password exists for the user

The following sections describe AR System authentication behaviour for given configurations.

RPC program number is 390695


User does not exist in User form

Mode: Description

Off: Authentication is performed using AREA LDAP. User information is retrieved from AREA LDAP.

ARS - AREA: Authentication is not performed using AR System because the user does not exist in the User form. Authentication is performed using AREA LDAP. If successful, user information is retrieved from AREA LDAP.

AREA - ARS: Authentication is performed using AREA LDAP. If successful, user information is retrieved from AREA LDAP. Authentication is not performed using AR System because the user does not exist in the User form.

ARS - OS - AREA: Authentication is not performed using AR System because the user does not exist in the User form. Authentication is performed using OS authentication. If successful, user information is retrieved from the OS. If OS authentication fails, user authentication is performed using AREA LDAP. If AREA LDAP authentication is successful, user information is retrieved from AREA LDAP.

ARS - AREA - OS: Authentication is not performed using AR System because the user does not exist in the User form. Authentication is performed using AREA LDAP. If successful, user information is retrieved from AREA LDAP. If AREA LDAP authentication fails, the user is authenticated using OS authentication. If OS authentication is successful, user information is retrieved from the OS.

User exists with no password in User form


Mode: Description

Off: Authentication is performed using AREA LDAP password. User information is retrieved from the User form. Authentication process stops when it fails using AREA LDAP.

ARS - AREA: Authentication is performed using AREA LDAP password. User information is retrieved from User form. Authentication process stops when it fails using AREA LDAP.

AREA - ARS: Authentication is performed using AREA LDAP. If successful, user information is retrieved from AREA LDAP. If AREA LDAP Configuration does not contain all the information in the form, missing information is retrieved from the User Cache. If AREA LDAP authentication fails, authentication processing stops.

ARS - OS - AREA: User authentication is performed using AREA LDAP. If successful, user information is retrieved from AR System. If AREA LDAP authentication fails, the user is authenticated using OS authentication. If OS authentication is successful, user information is retrieved from AR System. The user is never authenticated using User form.

ARS - AREA - OS: User authentication is performed using AREA LDAP. If successful, user information is retrieved from AR System. If AREA LDAP authentication fails, the user is authenticated using OS authentication. If OS authentication is successful, user information is retrieved from AR System. The user is never authenticated using User form.

User exists with password in User form


Mode: Description

Off: Authentication is performed using the AR System User form. If successful, user information is retrieved from the User form. If User form authentication fails, authentication is not attempted using AREA LDAP.

ARS - AREA: Authentication is performed using the AR System User form. If successful, user information is retrieved from the User form. If User form authentication fails, AREA LDAP authentication is attempted. If AREA LDAP authentication is successful, user information is retrieved from AREA LDAP.

AREA - ARS: Authentication is performed using AREA LDAP. If successful, user information is retrieved from AREA LDAP. If AREA LDAP authentication fails, authentication is attempted using User form. If User form authentication is successful, user information is retrieved from the User form.

ARS - OS - AREA: Authentication is performed using the AR System User form. If successful, user information is retrieved from the User form. If AR System authentication fails, OS authentication is attempted. If OS authentication is successful, user information is retrieved from the OS. If OS authentication fails, AREA LDAP authentication is attempted. If AREA LDAP authentication is successful, user information is retrieved from AREA LDAP.

ARS - AREA - OS: Authentication is performed using the AR System User form. If successful, user information is retrieved from the User form. If AR System authentication fails, AREA LDAP authentication is attempted. If AREA LDAP authentication is successful, user information is retrieved from AREA LDAP. If AREA LDAP authentication fails, OS authentication is attempted. If OS authentication is successful, user information is retrieved from the OS.
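
The attempt order given in the three descriptions above for RPC program number 390695, as an added example (not BMC code): a Python sketch that walks the chain for a given user state and chaining mode, and lists which sources can still admit a login after the first source has rejected it. The state names, function names and the `accepts` set are assumptions made for illustration.

```python
# Added example, not part of AR System. Attempt order per chaining mode,
# transcribed from this page's descriptions for RPC program number 390695.
# "ARS" = User form, "AREA" = AREA LDAP plug-in, "OS" = Windows/UNIX.
MODES = ["Off", "ARS - AREA", "AREA - ARS", "ARS - OS - AREA", "ARS - AREA - OS"]

# Keys are hypothetical labels for the page's three user states.
ORDER = {
    "no_user": dict(zip(MODES, [
        ["AREA"], ["AREA"], ["AREA"], ["OS", "AREA"], ["AREA", "OS"]])),
    "no_password": dict(zip(MODES, [
        ["AREA"], ["AREA"], ["AREA"], ["AREA", "OS"], ["AREA", "OS"]])),
    "with_password": dict(zip(MODES, [
        ["ARS"], ["ARS", "AREA"], ["AREA", "ARS"],
        ["ARS", "OS", "AREA"], ["ARS", "AREA", "OS"]])),
}

def authenticate(user_state, mode, accepts):
    """Walk the chain in order.

    accepts: set of sources that would accept the supplied credentials
    (constructed input). Returns (source_that_accepted_or_None, sources_tried).
    """
    tried = []
    for source in ORDER[user_state][mode]:
        tried.append(source)
        if source in accepts:
            return source, tried
    return None, tried

def fallback_exposure(user_state):
    """Per mode, the sources still consulted after the first one rejects.

    Modes absent from the result stop at the first failure.
    """
    return {mode: chain[1:]
            for mode, chain in ORDER[user_state].items()
            if len(chain) > 1}

if __name__ == "__main__":
    # Constructed case: the User form rejects the password, AREA LDAP accepts it.
    for mode in MODES:
        print(mode, authenticate("with_password", mode, {"AREA"}))
    print(fallback_exposure("with_password"))
```

For a user with a User form password, only the Off mode stops at a User form failure; every chained mode goes on to try AREA LDAP, OS authentication, or both.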

RPC program number is 0

User does not exist in User form


Mode: Description

All authentication chaining modes: Authentication is performed using OS authentication. If successful, user information is retrieved from the User form. If OS authentication fails, authentication processing stops.

User exists with no password in User form


Mode: Description

All authentication chaining modes: Authentication is performed using OS authentication. If successful, user information is retrieved from the User form. If OS authentication fails, authentication processing stops.

User exists with password in User form


Mode: Description

Off: Authentication is performed using the AR System User form. If successful, user information is retrieved from the User form. If AR System authentication fails, authentication processing stops.

ARS - AREA: Authentication is performed using the AR System User form. If successful, user information is retrieved from the User form. If AR System authentication fails, OS authentication is attempted. If OS authentication is successful, user information is retrieved from the OS.

AREA - ARS: Authentication is performed using OS authentication. If successful, user information is retrieved from the OS. If OS authentication fails, User form authentication is attempted. If AR System authentication is successful, user information is retrieved from the User form.

ARS - OS - AREA: Authentication is performed using the AR System User form. If successful, user information is retrieved from the User form. If AR System authentication fails, OS authentication is attempted. If OS authentication is successful, user information is retrieved from the OS.

ARS - AREA - OS: Authentication is performed using the AR System User form. If successful, user information is retrieved from the User form. If AR System authentication fails, OS authentication is attempted. If OS authentication is successful, user information is retrieved from the OS.
