Google Search Appliance Managing Search for Controlled-Access Content User Manual
Page 63

Google Search Appliance: Managing Search for Controlled-Access Content
63
9.
The search appliance queries the index and obtains a list of relevant results for Leslie’s query.
10. The search appliance checks the list to see whether any of the results require authorization and
filters the results based on which results Leslie is authorized to view.
11. The search appliance directs Leslie’s browser to a search results page that contains all results that
match the query “Island” that Leslie is authorized to view.
Use Case 4: Windows Authentication with Kerberos
Tickets for Secure Serve
AlphaLyon has decided to upgrade older servers and implement a new security policy that uses
Integrated Windows Authentication (IWA) on all machines throughout their internal domain. The
domain controller is a Windows server named hal.alphalyon.com.
AlphaLyon is going to upgrade the following servers:
•
products.alphalyon.int is a simple web server that uses HTTP Basic authentication. This server
contains information about the company’s products.
•
news.alphalyon.int is a Microsoft IIS web server that uses NTLM HTTP. This server contains news
announcements.
•
emp.alphalyon.int is another Microsoft IIS server that uses NTLM HTTP. It provides internal
information about employees, such as email addresses and phone numbers.
•
sales.alphalyon.int is a web server that uses HTTP Basic authentication. This server stores
general information used by everyone on the sales team.
•
customers.alphalyon.int is a Microsoft IIS server that uses NTLM HTTP. It stores customer
directory information, such as phone numbers and addresses.
Our search appliance administrator, Tanya, wants to use Kerberos authentication to enable the search
appliance to silently authenticate the user without requiring an HTTP Basic login box.
This use case is based on the following assumptions:
•
Tanya has already set up crawl and index for the protected content by providing the search
appliance with credentials on Crawl and Index > Crawler Access.
•
The following two servers have been crawled with Make Public selected:
products.alphalyon.int and news.alphalyon.int and their content is public. Content on the
other servers is secure.
•
The search appliance has already indexed the protected content.
Once again, AlphaLyon has these people who interact with this content:
•
Ashish, the system administrator
•
Tanya, the search appliance administrator
•
Eric, an employee who needs to find content
•
Salim, a sales manager who needs to find information on pricing for the upcoming “AlphaLyon
Product” release.