Specifying authentication chaining mode
You can specify the order in which internal and external authentication methods are attempted with authentication chaining. Then, all authentication methods in the chain are attempted in the specified order until authentication succeeds or all the methods in the chain fail.
To set the authentication chaining mode
- Open the AR System Administration: Server Information form, and click the EA tab.
- In the External Authentication Server RPC Program Number field, enter 390695.
- Select Authenticate Unregistered Users, Cross Reference Blank Password, or both.
From the Authentication Chaining Mode list, select one of these values:
Mode
Description
Off
Disables authentication chaining.
ARS - AREA
AR System attempts to authenticate the user by using the User form and then the AREA plug-in.
AREA - ARS
AR System attempts to authenticate the user by using the AREA plug-in and then the User form.
ARS - OS - AREA
AR System attempts to authenticate the user by using the User form, then Windows or UNIX authentication, and then the AREA plug-in.
ARS - AREA - OS
AR System attempts to authenticate the user by using the User form, then the AREA plug-in, and then Windows or UNIX authentication.
Ensure that you configure the Pluggable Authentication Module (PAM) configuration file on the UNIX system for OS authentication to work. Create an auth file in the /etc/pam.d folder. The file contains the authentication parameters and security settings specific for UNIX systems, for example:
#%PAM-1.0
auth required pam_unix.soAR System behaves differently depending on the authentication chaining mode you select and other external authentication parameters you specify. See Determining-AREA-behavior.
Click Apply and OK.
If you use the AREA hub, the authentication chaining mode treats it like a single plug-in, and plug-ins installed in the AREA hub are considered in sequence until a valid response is returned. See Setting-up-the-AREA-hub.