Connect to the Purdue Home Page

Purdue University

Identity and Access Management

Authentication by Identifier and Password

Users may authenticate to a realm by providing an identifier (PUID or alias), a password, and the name of the realm to which they wish to authenticate. A successful authentication to a realm establishes the user's identify in that realm, and possibly in other realms (see "Trust relationships", below).

Because passwords are sent to authcnetd unencrypted, authentication attempts may only take place over an SSL connection.

The User:

  • connects to authcnetd
  • provides:
    • a PUID or alias
    • a password
    • the name of the realm

Authcnetd:

  • replies ACK if:
  • replies NAK if:
    • the password does not match, or
    • the realm's authentication policies do not allow the user to authenticate (e.g., if an account is "frozen", authcnetd replies NAK even if the password matches)

Authentication Sessions

While a user remains connected, authcnetd tracks the session's authentication state and passes it to authcdbm with each command. If the user authenticates to multiple realms, authcnetd records each successful authentication and passes these authentication credentials to authcdbm.

Trust Relationships Realms may define trust relationships with other realms to allow a user to authenticate once and share the resulting authentication credentials with other realms. The combination of authcdbm's trust relationships and authcnetd's tracking of authentication sessions allows users to establish their identities in multiple realms with a single authentication.

Feedback | Contact Purdue | Style Standards
Maintained by: IAMO Team

Purdue University, West Lafayette, IN 47907, (765) 494-4600
© 2010 - 2013 Purdue University | An equal access/equal opportunity university | Copyright Complaints
If you have trouble accessing this page because of a disability, please contact the CSC at itap@purdue.edu or (765) 494-4000.