All of the same Authentication modules which can be used for authentication of users connecting to KeyServer with KeyAccess may also be used for authentication of administrators connecting to KeyServer with KeyConfigure. Admin Authentication settings are accessed by selecting Admin Authentication from the Admin menu. By configuring an external authentication method for administrators, you can use the external system to check admin passwords, and determine administrative privileges based on group membership in the external authentication system.
The Admin Authentication dialog is almost identical to the User Authentication dialog, so you should refer to the Authentication documentation for details of how to select and configure each module. The one difference in the dialog itself is the presence of the Copy User Auth button. What this button does is simply copy the current configuration from the User Authentication window, including the choice of authentication module. So, if you have configured and tested authentication for users, and you wish to use the same system for administrators, this is easy to accomplish. Note that this is a one time copy - if you later change the User settings, the Admin settings will not automatically be kept in sync.
When a KeyConfigure administrator attempts to log in, first the internally defined Accounts are checked, and then the Admin Authentication is checked. In order for an admin to succeed in logging in due to external authentication, two things must happen. First, they must provide a name and password which are accepted by the external authentication. Second, there must be a Role defined which has an associated group which the external authentication method associates with the user name. Note that some authentication modules can use multiple properties to determine group membership when authenticating a KeyAccess user. However, for Admin Authentication, only the user name can be used to determine group membership.
So, in order for Admin Authentication to actually accomplish anything, you need to make sure that you have at least one Role defined with an associated group which the external authentication knows about - and which your admins are members of. Note that since the Single Password module does not define groups, it is not useful for Admin Authentication. For more details on Admins and Roles, see the Roles & Accounts Window documentation.
| Help Index | 2011.09.21 |