Share-level security 31, User level (domain) security 31 – HP StorageWorks 8000 NAS User Manual

NAS 8000 Concepts 31

NA
S 80
00

C

on

cep

ts

Share-Level Security

With share-level security, the server explicitly asks for permission (password)

every time a user connects to a share on the NAS server. Thus, any user on

the network who knows the name of the NAS server, the name of the resource

(or file), and the password has access to the resource. When you are using

share-level security, you can assign shares a read-only password and/or a

read-write password.

User Level (Domain) Security

With user-level security, the client accessing the NAS server passes the

credentials of the logged-on user to the NAS server system transparently. The

NAS server in turn queries the Primary Domain Controller (PDC) or Backup

Domain Controller (BDC) to authenticate the user. Once the user is

authenticated, the PDC or BDC returns a Security ID (SID) that the NAS server

uses to check the client's access rights. This token is then used with all

subsequent requests from that client.
The NAS server supports the NT Master Domain model. This allows the NAS

server to participate in a resource domain that is separate from the domain in

which users are authenticated.

Figure 3

NT Master Domain Model

At boot-up time, the NAS server locates the PDC in the specified account

domain, as well as the domain controller in the specified resource domain,

then logs on to that domain.