67 lines
4.4 KiB
HTML
67 lines
4.4 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html lang="en-us" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow" />
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<meta name="DC.Type" content="concept" />
|
|
<meta name="DC.Title" content="Authentication" />
|
|
<meta name="abstract" content="This information explains the process of authentication and the role that it plays in a single signon solution." />
|
|
<meta name="description" content="This information explains the process of authentication and the role that it plays in a single signon solution." />
|
|
<meta name="DC.Relation" scheme="URI" content="rzamzconcepts.htm" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
|
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
|
|
<meta name="DC.Format" content="XHTML" />
|
|
<meta name="DC.Identifier" content="rzamzauthentication" />
|
|
<meta name="DC.Language" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|
<title>Authentication</title>
|
|
</head>
|
|
<body id="rzamzauthentication"><a name="rzamzauthentication"><!-- --></a>
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|
<h1 class="topictitle1">Authentication</h1>
|
|
<div><p>This information explains the process of authentication and the
|
|
role that it plays in a single signon solution.</p>
|
|
<p>Authentication is the process in which an individual indicates who he is
|
|
and then proves it, typically based on a user name and password. The process
|
|
of authentication is different from the process of <a href="rzamzauthorization.htm">authorization</a>,
|
|
in which an entity or a person is granted or denied access to a network or
|
|
system resource.</p>
|
|
<p>A single signon environment streamlines the process and management of authentication
|
|
for users and administrators. Because of the way single signon is implemented
|
|
on your system, not only do users need to supply fewer IDs and passwords but,
|
|
if you choose to, they do not even need to have a <span class="keyword">i5/OS™</span> passwords.
|
|
Administrators need to troubleshoot identity and password problems less often
|
|
because users need to know fewer identities and passwords to access the systems
|
|
that they use.</p>
|
|
<div class="p">Interfaces that are enabled for single signon require the use of Kerberos
|
|
as the authentication method. <a href="../rzakh/rzakh000.htm">Network authentication service</a> is the <span class="keyword">i5/OS</span> implementation
|
|
of the Kerberos authentication function. Network authentication service provides
|
|
a distributed authentication mechanism through the use of a Kerberos server,
|
|
also called a key distribution center (KDC), which creates service tickets
|
|
that are used to authenticate the user (a <span class="uicontrol">principal</span> in
|
|
Kerberos terms) to some service on the network. The ticket provides proof
|
|
of the principal's identity to other services that the principal requests
|
|
in the network.<div class="note"><span class="notetitle">Note:</span> If you are an application developer, it is possible to
|
|
make use of other types of authentication methods as you enable your applications
|
|
to work in a single signon environment. For example, you can create applications
|
|
that use an authentication method, such as digital certificates, in conjunction
|
|
with EIM APIs to enable your application to participate in a single signon
|
|
environment.</div>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamzconcepts.htm" title="Use this information to learn about the underlying concepts for single signon for a better understanding of how you can plan to use single signon in your enterprise.">Concepts</a></div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |