Transferring client credentials to server, Realm authentication – HP Integrity NonStop H-Series User Manual
Page 56

For more information on the default configuration, see
Transferring client credentials to server
The following list describes how a client’s credentials are transferred to the server:
1. The client first connects to the server over TCP.
2. The remoting connector on the server, upon receiving a new connection, negotiates the connection with the client in the following way:
   • While negotiating, if the remoting-connector is configured with a realm that has an authentication element, and the authentication is configured with a security mechanism that requires a password, the connector requires the client credentials (such as username, password, and realm) from the remote client.
   • If the remoting connector is not configured with a realm, or if the realm is configured with an authentication element whose security mechanisms do not demand a password (for example, the local authentication mechanism), then the connector does not prompt for client security credentials. In this case, the container does not have the client credentials. Hence, the server cannot authenticate or authorize access to any of its resources. This means any user can access any resource on the container.
3. If the security credentials are obtained by the remoting connector, then the client is authenticated against the realm that is configured in the remoting connector configuration.
The local authentication mechanism (represented by the
password. The digest authentication mechanism (represented by the
requires user credentials such as username and password. For more information on the security
subsystem, see
.
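An added example, not taken from the HP manual: a Python audit that applies the negotiation rules above to flag remoting connectors that will not request client credentials, given the realm definitions (host.xml) and the connector definitions (domain.xml). The element names `local`, `properties`, `jaas` and `ldap`, and the `security-realm` attribute on `connector`, are assumptions following a JBoss AS 7 style layout that this page does not confirm; the XML is constructed sample input.

```python
import xml.etree.ElementTree as ET

# Assumed element names (JBoss AS 7 style layout; not confirmed by this page).
PASSWORD_MECHS = {"properties", "jaas", "ldap"}  # mechanisms that demand a password

def local(tag):
    """Strip an XML namespace so '{urn:...}connector' compares as 'connector'."""
    return tag.rsplit("}", 1)[-1]

def realm_mechanisms(host_xml):
    """Map realm name -> mechanism element names found under <authentication>."""
    realms = {}
    for el in ET.fromstring(host_xml).iter():
        if local(el.tag) == "security-realm":
            realms[el.get("name")] = {local(m.tag) for a in el
                                      if local(a.tag) == "authentication" for m in a}
    return realms

def audit_connectors(domain_xml, host_xml):
    """Return {connector name: verdict} following the negotiation rules above."""
    realms = realm_mechanisms(host_xml)
    findings = {}
    for el in ET.fromstring(domain_xml).iter():
        if local(el.tag) != "connector":
            continue
        realm = el.get("security-realm")
        if realm is None:
            verdict = "OPEN: no realm configured"
        elif realm not in realms:
            verdict = "ERROR: realm not defined"
        elif not realms[realm] & PASSWORD_MECHS:
            verdict = "OPEN: realm has no password mechanism"
        else:
            verdict = "OK: credentials required"
        findings[el.get("name")] = verdict
    return findings

# Constructed sample input, not taken from a real NSASJ installation.
HOST_XML = """<host xmlns="urn:example:host"><management><security-realms>
  <security-realm name="AppRealm"><authentication>
    <local/><properties path="users.properties"/></authentication></security-realm>
  <security-realm name="LocalOnly"><authentication><local/></authentication></security-realm>
</security-realms></management></host>"""
DOMAIN_XML = """<domain xmlns="urn:example:domain"><subsystem>
  <connector name="secured" security-realm="AppRealm"/>
  <connector name="local-only" security-realm="LocalOnly"/>
  <connector name="no-realm"/>
</subsystem></domain>"""

if __name__ == "__main__":
    print(audit_connectors(DOMAIN_XML, HOST_XML))
```

Connectors reported as OPEN are the ones for which the container never receives client credentials, so access to its resources cannot be authenticated or authorized.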
Realm authentication
The following list explains how a realm can be configured, and how connections are authenticated
based on the realm configuration:
• Realms are defined in host.xml.
• A security-realm can be configured with the following elements:
   ◦ authentication: This is used for authentication for an inbound connection. The default configuration uses local mechanism and digest mechanism for authentication. This can also be configured to use any JAAS based authentication mechanism. The JAAS authentication mechanism is configured using the security domains configured in domain.xml. For more information, see .
   ◦ authorization: This is used to load user roles for an authenticated user. It is important to understand that authorization just loads the properties and does not perform any
Configuring NSASJ