This information explains the process of authentication and the
role that it plays in a single signon solution.

Authentication is the process in which an individual indicates who they are
and then proves it, typically based on a user name and password. The process
of authentication is different from the process of authorization,
in which an entity or a person is granted or denied access to a network or
system resource.

A single signon environment streamlines the process and management of authentication
for users and administrators. Because of the way single signon is implemented
on your system, not only do users need to supply fewer IDs and passwords but,
if you choose to, they do not even need to have i5/OS™ passwords.
Administrators need to troubleshoot identity and password problems less often
because users need to know fewer identities and passwords to access the systems
that they use.

Interfaces that are enabled for single signon require the use of Kerberos
as the authentication method.

Network authentication service is the i5/OS implementation of the Kerberos
authentication function. Network authentication service provides
a distributed authentication mechanism through the use of a Kerberos server,
also called a key distribution center (KDC), which creates service tickets
that are used to authenticate the user (a principal in Kerberos terms) to
some service on the network. The ticket provides proof
of the principal's identity to other services that the principal requests
in the network.

Note: If you are an application developer, it is possible to
make use of other types of authentication methods as you enable your applications
to work in a single signon environment. For example, you can create applications
that use an authentication method, such as digital certificates, in conjunction
with EIM APIs to enable your application to participate in a single signon
environment.