Creating a Process Account
A process account represents any program that connects and non-interactively authenticates to the FWD server. It can be used to implement any kind of batch program, an interactive terminal that is shared between multiple users (like a kiosk) or an external application that is custom coded to use FWD server services. Process accounts are not necessarily non-interactive, but they always represent an account that non-interactively authenticates.
To achieve the non-interactive authentication, the remote code must present a valid certificate (as credentials) to the FWD server, which is known to be associated with a single process account. When the remote code connects, the FWD server checks if the certificate is valid and identifies a process account. If so, it allows the connection and creates a security context for the session that is associated with the found process account.
Before a new process account can be defined for a FWD server, the certificate (that is the process account credentials) must already have been defined for the FWD server as a “peer certificate”. Please see the chapter entitled Loading Known Certificates for more details.
To create a new process account, access Accounts and then Processes from the main menu.
This should bring up a Process Accounts Management screen that looks similar to this:
Press the Add Process button. This should bring up the Process Account Definition dialog:
The Account Name is the short name for the account. When referenced in an Access Control List (ACL) or as part of a Group, the account name can be selected as a “subject”. This is the identity of the process within the FWD server.
The Description can be anything useful to the administrator. This is not used in any processing, but it may appear in administrative reports.
The Certificate drop-down provides the list of peer certificates from which to choose. Select the certificate that is meant to be uniquely associated with this process.
If this account represents a remote FWD server, select Server. Leave this deselected if this process account is an application. A process account is always either a server or an application.
If this account is a server account, selecting Master defines that this server is allowed to modify the directory. Leaving this deselected means that the server account has read-only access to the directory and cannot edit it.
Press the Save button to create the account or Cancel to abort the creation.
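The rules described above (a peer certificate must be loaded first, a certificate identifies a single process account, and Master grants directory edit rights to a server account) can be modeled as follows. This is an added example, not FWD code: the class and method names, the SHA-256 fingerprint lookup and the rejection of Master on an application account are assumptions, the certificate bytes are constructed, and certificate validity checking is not modeled.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class ProcessAccount:
    name: str
    certificate: str      # alias of an already-loaded peer certificate
    server: bool = False  # False means the account is an application
    master: bool = False  # directory edit rights, server accounts only

class Directory:
    """Hypothetical model of peer certificates and process accounts."""
    def __init__(self):
        self.peer_certs = {}  # alias -> SHA-256 fingerprint of certificate bytes
        self.accounts = {}    # account name -> ProcessAccount

    def load_peer_cert(self, alias, der):
        self.peer_certs[alias] = hashlib.sha256(der).hexdigest()

    def add_process(self, acct):
        if acct.certificate not in self.peer_certs:
            raise ValueError("load the certificate as a peer certificate first")
        fp = self.peer_certs[acct.certificate]
        # Compare fingerprints, so the same certificate under two aliases is caught.
        if any(self.peer_certs[a.certificate] == fp for a in self.accounts.values()):
            raise ValueError("certificate already identifies another process account")
        if acct.master and not acct.server:
            raise ValueError("Master applies only to server accounts (assumption)")
        self.accounts[acct.name] = acct

    def authenticate(self, presented):
        """Return the one account bound to the presented certificate, else None."""
        fp = hashlib.sha256(presented).hexdigest()
        for acct in self.accounts.values():
            if self.peer_certs[acct.certificate] == fp:
                return acct
        return None  # unknown certificate: refuse the connection

    def may_edit_directory(self, acct):
        return acct.server and acct.master

def demo():
    d = Directory()
    d.load_peer_cert("batch-cert", b"constructed-cert-bytes-1")
    d.load_peer_cert("peer-server-cert", b"constructed-cert-bytes-2")
    d.add_process(ProcessAccount("nightly_batch", "batch-cert"))
    d.add_process(ProcessAccount("peer_srv", "peer-server-cert", server=True, master=True))
    return d

if __name__ == "__main__":
    print(demo().authenticate(b"constructed-cert-bytes-1"))
```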
© 2004-2017 Golden Code Development Corporation. ALL RIGHTS RESERVED.