This section describes the various login methods supported by EAServer 6.0:
CTS-Auth – enter the name of the authentication service component in the field provided. See Chapter 7, “Creating and Using Custom Security Components.”
FTP – enter one or more host names for FTP login validation. If there are multiple host names (allowing for fault tolerance), use a comma as a separator. The default value is “localhost”. You must also enter the FTP port number.
HTTP – enter one or more resource URLs to be used for HTTP login validation. If there are multiple URLs (allowing for fault tolerance), use double-semicolons as a separator. The default value is http://host_name:8000/wsh/login.
JAAS – in the Access Control Policy field, supply the name of a JAAS (Java Authentication and Authorization Service) login context that has been configured in the JAAS configuration file. See Chapter 8, “Using the JAAS API.”
JDBC – supply the name of the jConnect driver in the Access Control Policy field. The default value is com.sybase.jdbc2.jdbc.SybDriver. You must also supply one or more database URLs to be used for JDBC login validation. If there are multiple URLs (allowing for fault tolerance), use double-semicolons as a separator.
JNDI – supply the name of the initial context factory class, the provider URL to be used for initialization of the context factory, and the name to be looked up to determine that the login was successful. Upon login, the user name and password are verified against the JNDI entry.
Local-hash – the default login method. Local-hash hashes the password using either Secure Hash Algorithm 1 (SHA1) or Secure Hash Algorithm 512 (SHA-512) and stores the hash in a local table.
None – requires no authentication.
OS Auth – native operating system authentication. User names for an EAServer connection map directly to a login name on the host operating system. To enable OS Auth, EAServer 6.0 must be running under a process that has local admin privileges. Ensure that the user that is running the process is a member of the Local Administrator Group. You may need to log off and log back on in order for this to take effect. You must also:
Select Start Menu | Control Panel | Administrator Tools | Local Security Policy. This starts the Local Security Settings Window.
Choose Local Policies | User Rights Assignment | Act As Part of the Operating System.
Use “Add User or Group” to add the user that EAServer will be running under.
Log off and log back in for this to take effect.
Define a domain definition that proxies the authentication to the OSLoginModule. The following is a sample domain definition. You should modify files only through the Web Management Console or a configuration script.
#Instance Properties
#Mon Aug 08 15:43:51 EDT 2005
#Location: ${djc.home}/Repository/Instance/com/sybase/djc/security/?SecurityDomain/sybase.com.properties
jdbcDriverClass=com.sybase.jdbc2.jdbc.SybDriver
passwordSpecialCharacters=
loginFailureLockTimeout=600
webRealmNames=
maximumPasswordLength=14
accessControlPolicy=${javax.security.jacc.policy.provider}
requireMixedCasePasswords=false
auditAccessPermitted=false
passwordHashAlgorithm=SHA-512
jndiProviderURL=
user-roles\:delafran=wmc.admin
minimumPasswordSpecialCharacters=0
minimumPasswordLetters=2
jdbcDatabaseURL=jdbc\:sybase\:Tds\:localhost\:2638
all-roles\:=all
all-users\:=delafran
ftpPortNumber=21
minimumPasswordLength=6
httpResourceURL=http\://???\:8000/wsh/login
loginMethod=os-auth
permissionCacheTimeout=3600
retainOldPasswords=8
loginCacheTimeout=3600
role-users\:all=delafran
ftpHostName=localhost
jndiInitialContextFactory=
passwordEndCharacters=
minimumPasswordDigits=1
jndiLookupName=
passwordStartCharacters=
auditAccessDenied=false
jaasLoginContext=${jaas.login.context}
loginFailureLockThreshold=5
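The following Python script is an added example, not part of the EAServer documentation or product: it parses a domain properties file like the sample above and reports the settings a security reviewer would question. The function names, the `min_length` threshold and the reading of `auditAccessDenied` as "log denied access attempts" are assumptions; the property names and the `os-auth` requirements come from this page.

```python
import re

# Constructed sample: a subset of the domain properties shown above, with
# passwordHashAlgorithm changed to SHA1 so the hash check has something to flag.
SAMPLE = r"""
#Instance Properties
passwordHashAlgorithm=SHA1
minimumPasswordLength=6
auditAccessDenied=false
httpResourceURL=http\://???\:8000/wsh/login
loginMethod=os-auth
user-roles\:delafran=wmc.admin
"""

# key = run of escaped or non-separator characters, then '=' or ':', then value
_LINE = re.compile(r"((?:\\.|[^=:\s\\])+)\s*[=:]?\s*(.*)")

def parse_properties(text):
    """Parse .properties text; handles comments and backslash escapes only."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = _LINE.match(line)
        if m:
            key, value = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            props[key] = value
    return props

def audit_domain(props, min_length=8):
    """Return (property, finding) pairs; min_length is an assumed local policy."""
    findings = []
    if props.get("passwordHashAlgorithm") != "SHA-512":
        findings.append(("passwordHashAlgorithm", "not SHA-512"))
    if int(props.get("minimumPasswordLength") or 0) < min_length:
        findings.append(("minimumPasswordLength", f"below {min_length}"))
    if props.get("auditAccessDenied", "false") == "false":  # meaning inferred from name
        findings.append(("auditAccessDenied", "denied access is not audited"))
    urls = [u for u in props.get("httpResourceURL", "").split(";;") if u]
    if any(u.lower().startswith("http://") for u in urls):
        findings.append(("httpResourceURL", "validation URL is plain HTTP"))
    if props.get("loginMethod") == "os-auth":
        findings.append(("loginMethod", "service account holds local admin "
                         "and 'Act As Part of the Operating System'"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_domain(parse_properties(SAMPLE)):
        print(f"{name}: {finding}")
```

The `httpResourceURL` finding matters only when the HTTP login method is in use.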