User guide
Authentication
User Validity Period
Validity periods can be set for users in Interstage Single Sign-on.
For example, if the information on new employees is stored in the SSO repository in advance, settings
can be made to validate authentication on the beginning date of employment and specify the projected
end date of employment as the validity period end date.
Thus, authentication can be invalidated temporarily, and user validity periods can be set without deletion
of user information from the SSO repository.
Set the user validity period by specifying values in "ssoNotBefore" and "ssoNotAfter" for the user
information in the SSO repository.
For details about the user information in the SSO repository, refer to "User Information Entry".
Lockout
In order to protect users against unauthorized access, the lockout function restricts authentication and
disables access to the resources managed by Interstage Single Sign-on.
If a user enters an invalid user ID and password combination a specified number of consecutive times,
the user is locked and use of the Single Sign-on system is restricted so that the user cannot attempt
any more passwords.
The locked user fails authentication until the user ID is unlocked.
The SSO administrator unlocks a user with the Interstage Management Console. The
locked user can also be unlocked automatically after a specified time. Automatic unlocking after a
specified time is performed at the user's first authentication operation after the specified time elapses.
The count for successive authentication failures is reset when the user succeeds in password
authentication.
Remark
If a user fails in authentication using a certificate, the user is requested to input the user ID and
password. If the authentication method specified for that user is "certificate authentication" or
"Password authentication and certificate authentication," the user will fail in authentication even when
the user inputs a valid user ID and password. If this occurs, select [Cancel] on the User ID/Password
Request window.
When the user inputs a user ID and a password in the User ID/Password Request window, the user is
regarded as a lockout target and the count for successive authentication failures is increased by one,
even if the input user ID and password are valid.
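The validity period and lockout rules described above can be modelled as a small state machine. The following is an added example, not Interstage code: the threshold, the unlock time, the `User` fields, the function names, the reset of the failure count on unlock, and the choice not to count attempts outside the validity period are all assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MAX_FAILURES = 3                      # assumed "specified number" of failures
AUTO_UNLOCK = timedelta(minutes=30)   # assumed "specified time" for auto unlock

@dataclass
class User:
    password: str                     # plaintext only to keep the model short
    method: str = "password"          # any other value requires a certificate
    not_before: Optional[datetime] = None   # models ssoNotBefore
    not_after: Optional[datetime] = None    # models ssoNotAfter
    failures: int = 0                 # consecutive password failures
    locked_at: Optional[datetime] = None

def password_auth(user: User, password: str, now: datetime) -> str:
    """Return 'ok', 'invalid-period', 'locked' or 'failed'."""
    # Validity period: refused outside it (assumed not to count as a failure).
    if user.not_before is not None and now < user.not_before:
        return "invalid-period"
    if user.not_after is not None and now > user.not_after:
        return "invalid-period"
    if user.locked_at is not None:
        # No background timer: unlock is decided at the first attempt after expiry.
        if now - user.locked_at < AUTO_UNLOCK:
            return "locked"
        user.locked_at, user.failures = None, 0   # assumption: count restarts
    # Remark case: a user whose method requires a certificate fails here
    # even with valid credentials, and the failure is still counted.
    valid = user.method == "password" and hmac.compare_digest(
        password.encode(), user.password.encode())
    if valid:
        user.failures = 0             # success resets the consecutive count
        return "ok"
    user.failures += 1
    if user.failures >= MAX_FAILURES:
        user.locked_at = now
    return "failed"

def admin_unlock(user: User) -> None:
    """Manual unlock, as done by the SSO administrator."""
    user.locked_at, user.failures = None, 0
```

The certificate case is the one to watch operationally: repeated password entry by a certificate-only user locks the account even though the credentials are correct, which is why the guide says to select [Cancel].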