SECURITY_METHOD

This variable lets you determine the security method AcuConnect employs for user logon. AcuConnect can use the operating system's native logon facility or the security provided by the AcuAccess file. Users can use their regular passwords when they connect to servers, instead of having a different password in the AcuAccess file or remembering to keep the password in the AcuAccess file coordinated with the native password.

This feature works for Windows servers and for UNIX servers. For UNIX servers, passwords can be stored in /etc/passwd or in /etc/shadow (in other words, the machine uses shadow passwords). It does not use the newer pluggable authentication module (PAM) libraries.

The default value of SECURITY_METHOD is "NONE", which means that AcuConnect's AcuAccess file security is used. See Establishing System Security for information about using the AcuAccess file.

When this variable is set to "LOGON", the operating system's native logon capability is used.

Windows

In Windows, AcuConnect attempts to log the user onto the domain specified in the WINNT_LOGON_DOMAIN configuration variable. AcuConnect first uses the password in the AcuAccess file to log the user onto the server. If the AcuAccess password matches the user's Windows domain password, the login completes and the user is never prompted for a password. If the password doesn't match, or if the password field in the AcuAccess file is empty, the user is prompted to supply a password. The password provided must match the user's network domain password on the Windows server. The number of attempts the user has to supply the correct password is limited by the value of the configuration variable PASSWORD_ATTEMPTS. A successful logon grants users all the access rights they would have if they were directly logged on to the server. AcuConnect allows Windows servers to manage all issues pertaining to access permissions.

UNIX

In UNIX, the AcuAccess password is checked against the password in the system files. If the password matches, the login is completed. If it doesn't match, the user is asked for a password that is then checked against the system password. If you want your UNIX machine to be able to restrict access to the machine based on various parameters, set the USE_SYSTEM_RESTRICTIONS configuration variable.

In distributed processing, SECURITY_METHOD is set on both the client and the server, and the values must match. If the values don't match, the security method reverts to "NONE", which uses only the AcuAccess password.

In a thin client environment, the initial behavior is different from that of distributed processing. When the thin client establishes its configuration, it has a default setting of "LOGON". This value must match the SECURITY_METHOD setting on the server. If the values don't match, the security method reverts to "NONE", which uses only the AcuAccess password.