Authentication by Identifier and Password
Users may authenticate to a realm by providing an identifier (a PUID or
alias), a password, and the
name of the realm to which they wish to authenticate. A successful authentication to a realm establishes the user's
identity in that realm, and possibly in other realms (see "Trust relationships", below).
Because passwords are sent to authcnetd unencrypted, authentication attempts may only take place over an SSL connection.
- connects to authcnetd
- a PUID or alias
- a password
- the name of the realm
- replies ACK if:
  - the password matches, and
  - the realm's authentication policies allow the user to authenticate
- replies NAK if:
While a user remains connected, authcnetd tracks the session's authentication state and passes it to authcdbm with each
command. If the user authenticates to multiple realms, authcnetd records each successful authentication and passes these
authentication credentials to authcdbm.
Trust Relationships
Realms may define trust relationships with other realms to allow a user to authenticate once and share the resulting authentication credentials with other realms. The combination of authcdbm's trust relationships and authcnetd's tracking of authentication sessions allows users to establish their identities in multiple realms with a single authentication.
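The following sketch models the session tracking and trust lookup described above. It is an added example, not code from authcnetd or authcdbm. The class and function names, the PBKDF2 password storage, the policy callback, and the reading of trust as one-directional and non-transitive are all assumptions made for illustration.

```python
import hashlib, hmac, os

def _hash(password, salt):
    # PBKDF2 is an assumption; the page does not say how passwords are stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Realm:  # hypothetical model of a realm
    def __init__(self, name, trusts=(), policy=lambda puid: True):
        self.name, self.trusts, self.policy = name, set(trusts), policy
        self.users, self.aliases = {}, {}   # PUID -> (salt, hash); alias -> PUID

    def add_user(self, puid, password, alias=None):
        salt = os.urandom(16)
        self.users[puid] = (salt, _hash(password, salt))
        if alias:
            self.aliases[alias] = puid

class Session:
    """Per-connection authentication state, one instance per connected user."""
    def __init__(self, realms, over_ssl):
        self.realms, self.over_ssl = realms, over_ssl
        self.credentials = {}               # realm name -> PUID authenticated there

    def authenticate(self, identifier, password, realm_name):
        realm = self.realms.get(realm_name)
        if not self.over_ssl or realm is None:
            return "NAK"                    # passwords are only accepted over SSL
        puid = realm.aliases.get(identifier, identifier)
        # Unknown users get a dummy salt so the hash is still computed.
        salt, stored = realm.users.get(puid, (b"\0" * 16, b""))
        matches = hmac.compare_digest(_hash(password, salt), stored)
        if not (matches and realm.policy(puid)):
            return "NAK"
        self.credentials[realm_name] = puid  # recorded for later commands
        return "ACK"

    def identity_in(self, realm_name):
        """(source realm, PUID) valid in realm_name, directly or via one trust hop."""
        for source in [realm_name, *sorted(self.realms[realm_name].trusts)]:
            if source in self.credentials:
                return source, self.credentials[source]
        return None

def demo():
    # Constructed sample data: "wiki" trusts credentials issued by "staff".
    staff, wiki = Realm("staff"), Realm("wiki", trusts={"staff"})
    staff.add_user("1001", "correct horse", alias="alice")
    s = Session({"staff": staff, "wiki": wiki}, over_ssl=True)
    first = s.authenticate("alice", "wrong", "staff")
    return first, s.authenticate("alice", "correct horse", "staff"), s.identity_in("wiki")
```

In this model a credential earned in "staff" is honoured in "wiki", but a credential earned in "wiki" would not be honoured in "staff", because only "wiki" declares the trust.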