Specifying authentication chaining mode
You can specify the order in which internal and external authentication methods are attempted by specifying a value for the Authentication Chaining Mode field.
When Authentication Chaining is enabled, all authentication methods in the chain are attempted in the specified order until either authentication succeeds or all the methods in the chain fail.
To set the authentication chaining mode
- Open the AR System Administration: Server Information form, and click the EA tab.
- In the External Authentication Server RPC Program Number field, enter 390695.
- Select Authenticate Unregistered Users, Cross Reference Blank Password, or both.
From the Authentication Chaining Mode list, select one of these values:
Disables authentication chaining.
ARS - AREA
BMC Remedy AR System attempts to authenticate the user by using the User form and then the AREA plug-in.
AREA - ARS
BMC Remedy AR System attempts to authenticate the user by using the AREA plug-in and then the User form.
ARS - OS - AREA
BMC Remedy AR System attempts to authenticate the user by using the User form, then Windows or UNIX authentication, and then the AREA plug-in.
ARS - AREA - OS
BMC Remedy AR System attempts to authenticate the user by using the User form, then the AREA plug-in, and then Windows or UNIX authentication.
Ensure that you configure the Pluggable Authentication Module (PAM) configuration file on the UNIX system for OS authentication to work. Create a file auth in the /etc/pam.d folder. The file contains the authentication parameters and security settings specific for UNIX system, for example:
auth required pam_unix.so
BMC Remedy AR System behaves differently depending on the authentication chaining mode you choose and other external authentication parameters you specify. See Determining AREA behavior.
Click Apply and OK.
If you use the AREA hub, the authentication chaining mode treats it like a single plug-in, and plug-ins installed in the AREA hub are considered in sequence until a valid response is returned. See Setting up the AREA hub.