Sun ONE Identity Server Administration Guide



Chapter 23       Unix Authentication Attributes


The Unix Authentication Service consists of global and organization attributes. The values applied to the global attributes are applied across the Sun ONE Identity Server configuration, and are inherited by every configured organization. They cannot be applied directly to roles or organizations, as the goal of global attributes is to customize the Identity Server application. Values applied to the organization attributes are default values for each organization configured and can be changed when the service is registered to the organization. The organization attributes are not inherited by entries of the organization. The Unix Authentication attributes are divided into global attributes and an organization attribute.



Global Attributes

The global attributes in the Unix Authentication service are:


Unix Helper Configuration Port

This attribute specifies the port on which the Unix Helper listens upon startup for the configuration information contained in the Unix Helper Authentication Port, Unix Helper Timeout (Minutes), and Unix Helper Threads attributes. The default is 58946.

If this attribute is changed, you must also change the unixHelper.port entry in the AMConfig.properties file, and restart Identity Server.
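
A drift check for the requirement above, as an added example that is not part of the original guide: it reads unixHelper.port from the text of AMConfig.properties and compares it with the port set in the console. The function names, the minimal properties parser and the sample file contents are assumptions constructed for illustration.

```python
import re

DEFAULT_CONFIG_PORT = 58946   # default stated in this guide
KEY = "unixHelper.port"       # entry named in this guide

def parse_properties(text):
    """Minimal java.util.Properties reader: '#'/'!' comment lines,
    '=' or ':' separators, last duplicate wins (as Properties.load does).
    Backslash line continuations are not handled."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def check_helper_port(properties_text, console_port=DEFAULT_CONFIG_PORT):
    """Return a list of findings; an empty list means both settings agree.
    console_port is the Unix Helper Configuration Port value the
    administrator set in the console (supplied by the caller)."""
    value = parse_properties(properties_text).get(KEY)
    if value is None:
        return [f"{KEY} is missing from AMConfig.properties"]
    if not value.isdigit() or not 1 <= int(value) <= 65535:
        return [f"{KEY}={value!r} is not a valid TCP port"]
    if int(value) != console_port:
        return [f"{KEY}={value} but the console attribute is {console_port}; "
                "update AMConfig.properties and restart Identity Server"]
    return []

# Constructed sample inputs, not taken from a real installation.
SAMPLE_OK = "# constructed sample\nunixHelper.port=58946\n"
SAMPLE_DRIFT = ("! constructed sample with a stale duplicate entry\n"
                "unixHelper.port = 58946\n"
                "unixHelper.port : 57000\n")

if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("drift", SAMPLE_DRIFT)):
        print(name, check_helper_port(text) or "in sync")
```
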


Unix Helper Authentication Port

This attribute specifies the port on which the Unix Helper listens for authentication requests after configuration. The default port is 57946.


Unix Helper Timeout (Minutes)

This attribute specifies the number of minutes that users have to complete authentication. If users surpass the allotted time, authentication automatically fails. The default time is set to 3 minutes.


Unix Helper Threads

This attribute specifies the maximum number of permitted simultaneous Unix authentication sessions. If the maximum is reached at a given moment, subsequent authentication attempts are not allowed until a session is freed up. The default is set to 5.



Organization Attribute



The organization attribute for the Unix Authentication service is:


Unix Module Authentication Level

The authentication level is set separately for each method of authentication. The value indicates how much to trust an authentication. Once a user has authenticated, this value is stored in the SSO token for the session. When the SSO token is presented to an application the user wants to access, the application uses the stored value to determine whether the level is sufficient to grant the user access. (The value in this attribute is not specifically used by Identity Server but by any external application that may choose to use it.) If the authentication level stored in an SSO token does not meet the minimum value required, the application can prompt the user to authenticate again through a service with a higher authentication level. The default value is 0, the lowest authentication level.



Note: If no authentication level is specified, the SSO token stores the value specified in the Core Authentication attribute Default Auth Level. See "Default Auth Level" for details.




Copyright 2002   Sun Microsystems, Inc. All rights reserved.

Last Updated December 04, 2002