Understanding user authentication

You can configure your installation to authenticate TEXTML Server users.

Authentication is the process of identifying and verifying TEXTML Server users when they log in before providing access. Two authentication schemes are available:
  • Kerberos authentication—Kerberos is an authentication protocol, based on the concept of "tickets", that allows nodes to prove their identity to one another in a secure manner. TEXTML Server can use the Kerberos protocol to authenticate users and provide secure transactions between itself and a client application.

    The Kerberos authentication scheme is supported on Windows only (using Active Directory).

    Note: For more information about Kerberos, see the Kerberos documentation.
  • Local authentication—In this scheme, TEXTML Server authenticates its users locally on the system on which it is currently running. Note that in this scheme, the username and password are passed in cleartext by the client application to TEXTML Server. Local authentication is supported on both Windows and Linux, as follows:
    • On Windows, TEXTML Server uses the local operating system to resolve the username and password provided. So if the local machine is a member of a domain/forest, all trusted users of this domain/forest can log into TEXTML Server using their Windows username and password. Note that if the Secure Sockets Layer (SSL) protocol is used, passwords are encrypted.

    • On Linux, TEXTML Server uses pluggable authentication modules (PAM). TEXTML Server can be added to the list of PAM applications, so that users can log into TEXTML Server using their Linux username and password. Note that if the Secure Sockets Layer (SSL) protocol is used, passwords are encrypted.

Table 1 summarizes the authentication schemes supported on each operating system.

Table 1. Supported authentication schemes
Authentication scheme      Windows      Linux
Kerberos authentication    Supported    Not supported
Local authentication       Supported    Supported

You control which authentication scheme is enabled and which users can access the TEXTML Server application through configuration.

Note: While both authentication schemes can be enabled at the same time, this approach is not recommended. If both schemes are enabled, Kerberos authentication is performed first and local authentication is performed next.

If TEXTML Server user authentication is not enabled (the default setting), the TEXTML Server application still presents the login window when users attempt to connect, but it accepts any username and password.

Once authentication is enabled, you must configure who can access TEXTML Server components (servers, docbases, collections) and documents. This is achieved by configuring TEXTML Server security through roles and permissions. See the TEXTML Server Administration Guide for more information.