PNS can authenticate every connection: it is a single sign-on (SSO) authentication point for network connections. During authentication, PNS communicates with the Authentication Agent (AA) application that runs on the client computers.
However, PNS does not itself have access to the databases that hold authentication information such as usernames, passwords and access rights. Instead, it works indirectly through an authentication middleware, the Authentication Server (AS), which in turn relies on authentication backends. To authenticate a connection, PNS connects to AS, and AS retrieves the necessary information from a user database. AS then notifies PNS of the result of the authentication and supplies additional data about the user that can be used for authorization.
AS supports the following user database backends:
plain file in Apache htpasswd format
Pluggable Authentication Module (PAM) framework
RADIUS server
LDAP server (plain BIND, password authentication, or with own LDAP scheme)
Microsoft Active Directory
AS supports the following authentication methods:
plain password-based authentication
challenge/response method (S/KEY, CryptoCard RB1)
X.509 certificates
Kerberos 5
© 2021 BalaSys IT Security.