Creating a Process Account

A process account represents any program that connects and non-interactively authenticates to the FWD server. It can be used to implement any kind of batch program, an interactive terminal that is shared between multiple users (like a kiosk) or an external application that is custom coded to use FWD server services. Process accounts are not necessarily non-interactive, but they always represent an account that non-interactively authenticates.

To achieve the non-interactive authentication, the remote code must present to the FWD server a valid certificate (as credentials) that is known to be associated with a single process account. When the remote code connects, the FWD server checks whether the certificate is valid and whether it identifies a process account. If so, it allows the connection and creates a security context for the session that is associated with the process account it found.

Before a new process account can be defined for a FWD server, the certificate (that is, the process account's credentials) must already have been defined for the FWD server as a “peer certificate”. Please see the chapter entitled Loading Known Certificates for more details.

To create a new process account, access Accounts and then Processes from the main menu.

This should bring up a Process Accounts Management screen that looks similar to this:

Press the Add Process button. This should bring up the Process Account Definition dialog:

The Account Name is the short name for the account. When referenced in an Access Control List (ACL) or as part of a Group, the account name can be selected as a “subject”. This is the identity of the process within the FWD server.

The Description can be anything useful to the administrator. This is not used in any processing, but it may appear in administrative reports.

The Certificate drop-down provides the list of peer certificates from which to choose. Select the certificate that is meant to be uniquely associated with this process.

If this account represents a remote FWD server, select Server. Leave this deselected if this process account is an application. A process account is always either a server or an application.

If this account is a server account, selecting Master allows this server to modify the directory. Leaving this deselected gives the server account read-only access to the directory.

Press the Save button to create the account or Cancel to abort the creation.
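
The rules this page gives for process accounts (the certificate must already be a loaded peer certificate, it must be uniquely associated with one account, and Master applies only to server accounts) can be checked across a list of accounts. The following is an added example, not FWD code and not the FWD directory format; the record types, field names, finding codes and sample data are assumptions constructed for illustration, and certificate validity is reduced to an expiry check.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class PeerCert:            # hypothetical record for a loaded peer certificate
    alias: str
    not_after: datetime

@dataclass(frozen=True)
class ProcessAccount:      # hypothetical record mirroring the dialog's fields
    name: str
    cert_alias: str
    server: bool = False
    master: bool = False

def audit(accounts, peer_certs, now):
    """Return (account name, finding code) pairs in account order."""
    certs = {c.alias: c for c in peer_certs}
    uses = Counter(a.cert_alias for a in accounts)
    findings = []
    for a in accounts:
        cert = certs.get(a.cert_alias)
        if cert is None:                      # not defined as a peer certificate
            findings.append((a.name, "CERT_NOT_LOADED"))
        elif cert.not_after <= now:           # assumption: validity == not expired
            findings.append((a.name, "CERT_EXPIRED"))
        if uses[a.cert_alias] > 1:            # must identify a single account
            findings.append((a.name, "CERT_SHARED"))
        if a.master and not a.server:         # Master only applies to servers
            findings.append((a.name, "MASTER_ON_APPLICATION"))
        elif a.master:                        # may modify the directory: review
            findings.append((a.name, "DIRECTORY_WRITER"))
    return findings

# Constructed sample data, not taken from any real FWD installation.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
PEER_CERTS = [
    PeerCert("batch-cert", datetime(2030, 1, 1, tzinfo=timezone.utc)),
    PeerCert("kiosk-cert", datetime(2020, 1, 1, tzinfo=timezone.utc)),
    PeerCert("srv2-cert", datetime(2030, 1, 1, tzinfo=timezone.utc)),
]
ACCOUNTS = [
    ProcessAccount("nightly_batch", "batch-cert"),
    ProcessAccount("report_batch", "batch-cert"),
    ProcessAccount("kiosk", "kiosk-cert"),
    ProcessAccount("replica", "srv2-cert", server=True, master=True),
    ProcessAccount("importer", "missing-cert", master=True),
]
```

Calling audit(ACCOUNTS, PEER_CERTS, NOW) returns one pair per finding; an empty list means every account satisfies the rules checked here.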


© 2004-2017 Golden Code Development Corporation. ALL RIGHTS RESERVED.