Using Multiple Security Schemes
Integrity Lifecycle Manager supports the use of multiple security schemes to authenticate users. For example, you could have the following security policy:
mks.security.policy.scheme.default=windows_clear,mksdomain_clear
With this security policy, when a user attempts to log on to the system, the user’s credentials are first presented to the Kerberos server, and if they are accepted, the user is logged on. If the user’s credentials are not accepted, they are presented to the MKS Domain. If they are not accepted by the MKS Domain, then the user is denied access to the application.
The Integrity Lifecycle Manager server officially supports the following security realm combinations:
• windows single sign-on and windows
• windows single sign-on and MKS Domain
• windows and MKS Domain
• windows single sign-on, windows, and MKS Domain
• LDAP and MKS Domain
• UNIX and MKS Domain
Each security scheme in the combination must use the same transport protocol (clear or private).
If you are using multiple security schemes and have identical user names in two or more security realms, then when logging in with that user name you must use the password as it is defined in the first security realm that is listed. For example, if you have the following security policy:
mks.security.policy.scheme.default=windows_clear,mksdomain_clear
and jbrown is defined as a user name in both the ADS and MKS Domain security realms, when logging in as jbrown you must use the password defined in the ADS realm.
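The two rules above (one transport protocol for every scheme, and the first listed realm deciding which password applies to a shared user name) can be checked before a policy goes live. The following audit script is an added example, not part of the product or its documentation. It assumes every scheme is named `<realm>_<transport>` as in `windows_clear`, and that the administrator has exported the user names of each realm; the sample user lists are constructed.

```python
# Added example: audit a multi-scheme security policy line.
# Assumption: every scheme is named <realm>_<transport>, as in windows_clear.
POLICY_KEY = "mks.security.policy.scheme.default"
TRANSPORTS = {"clear", "private"}


def parse_policy(line):
    """Return the ordered list of (realm, transport) pairs from a policy line."""
    key, _, value = line.strip().partition("=")
    if key.strip() != POLICY_KEY:
        raise ValueError(f"unexpected property: {key!r}")
    schemes = []
    for name in (s.strip() for s in value.split(",")):
        realm, _, transport = name.rpartition("_")
        if not realm or transport not in TRANSPORTS:
            raise ValueError(f"unrecognised scheme name: {name!r}")
        schemes.append((realm, transport))
    return schemes


def audit(line, realm_users):
    """Check transport consistency and report user names shared across realms.

    realm_users maps realm -> set of user names (exported by the administrator).
    Returns (transport_ok, {user: [realms in policy order]}) for shared names;
    the first realm in each list is the one whose password applies.
    """
    schemes = parse_policy(line)
    transport_ok = len({t for _, t in schemes}) == 1
    seen = {}
    for realm, _ in schemes:
        for user in realm_users.get(realm, ()):
            seen.setdefault(user, []).append(realm)
    shared = {u: r for u, r in seen.items() if len(r) > 1}
    return transport_ok, shared


# Constructed sample data; the realm contents are illustrative only.
SAMPLE_USERS = {"windows": {"jbrown", "asmith"}, "mksdomain": {"jbrown", "build"}}

if __name__ == "__main__":
    ok, shared = audit(POLICY_KEY + "=windows_clear,mksdomain_clear", SAMPLE_USERS)
    print("transport consistent:", ok)
    for user, realms in sorted(shared.items()):
        print(f"{user}: defined in {realms}, password of {realms[0]!r} applies")
```

Each shared name it reports is an account whose second-realm password is not the one used at login, which is worth reviewing when realms are managed by different teams.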