Specifying authentication chaining mode

You can specify the order in which internal and external authentication methods are attempted with authentication chaining.  Then, all authentication methods in the chain are attempted in the specified order until authentication succeeds or all the methods in the chain fail.

To set the authentication chaining mode

1. Open the AR System Administration: Server Information form, and click the EA tab.
2. In the External Authentication Server RPC Program Number field, enter 390695.
3. Select Authenticate Unregistered Users, Cross Reference Blank Password, or both.

4. From the Authentication Chaining Mode list, select one of these values:

   Mode	Description
   Off	Disables authentication chaining.
   ARS - AREA	attempts to authenticate the user by using the User form and then the AREA plug-in.
   AREA - ARS	attempts to authenticate the user by using the AREA plug-in and then the User form.
   ARS - OS - AREA	attempts to authenticate the user by using the User form, then Windows or UNIX authentication, and then the AREA plug-in.
   ARS - AREA - OS	attempts to authenticate the user by using the User form, then the AREA plug-in, and then Windows or UNIX authentication.

   Ensure that you configure the Pluggable Authentication Module (PAM) configuration file on the UNIX system for OS authentication to work. Create an auth file in the /etc/pam.d folder. The file contains the authentication parameters and security settings specific for UNIX systems, for example:

   #%PAM-1.0
   auth        required     pam_unix.so

    behaves differently depending on the authentication chaining mode you select and other external authentication parameters you specify. See Determining-AREA-behavior.

5. Click Apply and OK.

   If you use the AREA hub, the authentication chaining mode treats it like a single plug-in, and plug-ins installed in the AREA hub are considered in sequence until a valid response is returned. See Setting-up-the-AREA-hub.