SECURITY_METHOD

This variable lets you specify the security method to use when accessing files via AcuServer. If desired, you can use your server's native security mechanism in place of AcuServer's so that users can use their usual passwords when accessing files rather than remembering or coordinating an AcuAccess password as well as a network password. On Windows 2008 it is essentially required that you use Windows security methods. This is mainly because of the Windows implementation of User Account Control (UAC) security feature.

Note: This feature works for Windows servers and UNIX servers that use shadow passwords. It does not use PAM (pluggable authentication module) libraries.

When native security is enabled, AcuServer impersonates the user who is logged onto the client machine. This allows AcuServer to spend less time managing security issues, and allows the full range of operating system security to be used on files and directories on the server. To use this feature, you must have the necessary user accounts set up and configured on the server. (Ask your system administrator whether security has been set up for each potential user.) Once a user is connected, it is as if that user is actually logged onto the server. Files that are available to the user when he or she is directly logged on to the server are available to the user who is connected via AcuServer.

SECURITY_METHOD can take any of the following values:

Value Definition
NONE (false, no) Do not use the native operating system security. Use AcuServer security instead. NONE is the default value.
LOGON Use the system's native security to manage user logons.

On Windows, attempt to log the user onto the Windows NT domain specified in the WINNT-LOGON-DOMAIN configuration variable. If the access file allows the connection, check the access record for the domain password. If it is present, establish a connection. If the password is not present in the access record or does not match the domain password, prompt the user for the domain password of the local username account. The number of attempts the user has to supply the correct password is limited by the value of the configuration variable PASSWORD_ATTEMPTS (3, by default). A successful logon grants users all of the same access rights they would have if they were directly logged onto the server. AcuServer allows the Windows NT/Windows 2000 server to manage all issues pertaining to access permissions.

On UNIX, if the access file allows the connection, check the access record for the native password. If it is present, establish a connection. If the password is not present in the access record or does not match the native password, prompt the user for the native password of the local username account.

Some UNIX machines have a the ability to restrict access to the machine based on various parameters. If you want to include those restrictions in AcuServer, set the configuration variable USE-SYSTEM-RESTRICTIONS to TRUE. See your UNIX administration manuals for information on this restriction feature.

NAMED-PIPE (on, true, yes) "NAMED PIPE" can be specified only when a Windows client is connecting to a Windows server. It is not valid for UNIX clients and is treated as NONE if specified for UNIX.

A value of NAMED PIPE tells AcuServer to use Windows security based on the connection made from the client to the server via a named pipe. When a named pipe is used, the password field in the AcuAccess file is ignored. The AcuAccess file is used only as a first check to see if the user connecting to the server is allowed to connect.

To use this option successfully, your client machine must have permission to connect to the named pipe that AcuServer creates. If your machine does not have permission, it may look to you as though your client runtime has hung and it may look to other users as though the server is down. Without the proper permission, the only way to resolve this situation is to kill the server using the Windows Task Manager. See your Windows system administrator for help in establishing named pipe permissions and resolving connection problems.

The SECURITY_METHOD configuration variable must be set in both the client runtime configuration file and the AcuServer configuration file. The values must match or the security method reverts to NONE, and only the AcuAccess password is used.