Tarantella uses an extensible mechanism for authenticating users. Users may be authenticated in many different ways, including by reference to other systems. Each authentication mechanism, called a login authority, effectively defines a type of Tarantella user.

Briefly, these are the types of user available by default.

- Anonymous user: To allow kiosk-style access to a webtop, with no username and password required.
- ENS user: To give users their own webtop and other Tarantella-specific settings. Each user has their own ENS person object.
- LDAP user: If you already have an LDAP directory server and want to integrate with Tarantella either with or without creating ENS person objects for each user. Each user has their own person object in the LDAP directory server.
- NT user: To give NT users access to a webtop either with or without creating ENS person objects for each user.
- SecurID user: To give RSA SecurID® users access to a webtop either with or without creating ENS person objects for each user.
- UNIX group: To give UNIX users access to a webtop, with different webtops for each UNIX group.
- UNIX user: To give UNIX users access to a webtop either with or without creating ENS person objects for each user.
- Web user: To give users, who have been authenticated by a web server, access to a webtop without creating person objects for each user.

Anonymous user
- Doesn't have a person object in ENS.
- Uses a blank username and password to log in to Tarantella.
- The profile object o=Tarantella System Objects/cn=Anonymous User Profile in ENS is used for the login profile.
- Each user logged in anonymously has independent emulator sessions. These emulator sessions end automatically when the user logs out, or closes the web browser. These sessions belong to that webtop connection.
- All password cache entries and web cache entries belong to the o=Tarantella System Objects/cn=Anonymous User Profile object in ENS. This means that all anonymous users share the same application server passwords. Anonymous users aren't allowed to add or change password cache entries.

Note: You can only have anonymous users if you are using concurrent user licensing.

ENS user

LDAP user
- Has a person object in an LDAP database.
- Types the common name, username or email address of the LDAP person object, with the appropriate password for that object, to log in to Tarantella.
- A person object in ENS is used for the login profile. This may be the one with the same name as the LDAP person object, or one named cn=LDAP Profile within the organizational hierarchy. The ENS profile object o=Tarantella System Objects/cn=LDAP Profile is used as a fallback.
- Emulator sessions, password cache entries and web cache entries belong to the LDAP person object.
- The ENS person object defines whether the user may log in, and whether the account is shared between different users.

NT user
- May not have a person object in ENS.
- Has a user account on the NT domain controller.
- Types the username and password for that user account to log in to Tarantella.
- A person object in ENS is used for the login profile. If the user does not have a person object in ENS, the ENS profile object o=Tarantella System Objects/cn=NT User Profile is used for the login profile.
- Emulator sessions, password cache entries and web cache entries belong to the NT user. None of these is shared between different users.

SecurID user
- May not have a person object in ENS.
- Has an account on the RSA ACE/Server®.
- Types their SecurID username and passcode to log in to Tarantella.
- A person object in ENS is used for the login profile. If the user does not have a person object in ENS, the ENS profile object o=Tarantella System Objects/cn=SecurID User Profile is used for the login profile.
- Emulator sessions, password cache entries and web cache entries belong to either the Person object or SecurID User Profile object, depending on which is used.

UNIX group
- Has a UNIX account on the Tarantella host.
- Types the username and password for that UNIX account to log in to Tarantella.
- A person object in ENS named with the UNIX GID is used for the login profile. If there's no person object with that name, the ENS profile object o=Tarantella System Objects/cn=UNIX User Profile is used.
- Emulator sessions, password cache entries and web cache entries belong to the UNIX user. None of these is shared between different users.
- The ENS person object determines whether the UNIX user may log in.

UNIX user
- Doesn't have a person object in ENS.
- Has a UNIX account on the Tarantella host.
- Types the username and password for that UNIX account to log in to Tarantella.
- The ENS profile object o=Tarantella System Objects/cn=UNIX User Profile is used for the login profile.
- Emulator sessions, password cache entries and web cache entries belong to the UNIX user. None of these is shared between different users.

Web user
- May have a person object in ENS.
- Uses a username and password to log in to a web server.
- Depending on which web server authentication search method succeeded, the login profile is either:
  - A person object in ENS, or
  - The ENS profile object o=Tarantella System Objects/cn=LDAP Profile, or
  - The ENS profile object o=Tarantella System Objects/cn=Web User Profile.
- Emulator sessions, password cache entries and web cache entries belong to either the Person object, the LDAP Profile object or Web User Profile object depending on which object is used for the login profile. None of these is shared between different users.

Normally, users have their own person objects and person objects
are not shared between users. However, you may want to allow more than
one user to log in using the same username and password -- to share
the account, or enable "guest" access to a particular webtop. You can
do this using a person object's Shared Between Users
(Guest) attribute. ENS users or LDAP users may use shared
accounts. Anonymous users are always treated as using a shared
account.
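
The login-profile lookup described for LDAP users, modelled as an added example (not Tarantella code) so an administrator can see which ENS object ends up governing a login when no per-user person object exists. The ENS names, the attribute keys `may_log_in` and `shared`, and the nearest-container-first search order for cn=LDAP Profile are assumptions made for illustration.

```python
# Added illustration, not Tarantella code. All ENS names and the attribute
# keys "may_log_in" and "shared" are constructed for this example.
SYSTEM_FALLBACK = "o=Tarantella System Objects/cn=LDAP Profile"

ENS = {  # constructed ENS namespace: object name -> attributes
    "o=Example Org/ou=Finance/cn=Ann Teal": {"may_log_in": True, "shared": False},
    "o=Example Org/ou=Finance/cn=Temp Desk": {"may_log_in": False, "shared": True},
    "o=Example Org/cn=LDAP Profile": {},
    SYSTEM_FALLBACK: {},
}

def candidate_profiles(ens_name):
    """Yield the ENS names to try, in order, for an LDAP user's login profile."""
    yield ens_name                      # 1. person object with the same name
    containers = ens_name.split("/")[:-1]
    while containers:                   # 2. cn=LDAP Profile, nearest container first (assumed order)
        yield "/".join(containers + ["cn=LDAP Profile"])
        containers.pop()
    yield SYSTEM_FALLBACK               # 3. system-wide fallback profile

def resolve_login(ens_name, ens=ENS):
    """Return (profile_name, may_log_in, shared) for an LDAP user.

    Missing attributes default to "may log in" and "not shared"; that
    default is an assumption of this model, not documented behaviour.
    """
    for name in candidate_profiles(ens_name):
        attrs = ens.get(name)
        if attrs is not None:
            return name, attrs.get("may_log_in", True), attrs.get("shared", False)
    raise LookupError("no login profile, not even the system fallback")

def users_on_fallback(users, ens=ENS):
    """Audit helper: users whose login profile is not their own person object."""
    resolved = ((u, resolve_login(u, ens)[0]) for u in users)
    return [(u, profile) for u, profile in resolved if profile != u]

if __name__ == "__main__":
    sample_users = [  # constructed names as they would appear in ENS
        "o=Example Org/ou=Finance/cn=Ann Teal",
        "o=Example Org/ou=Sales/cn=Bo Grey",
        "o=Other Org/cn=Cy Rust",
    ]
    for user in sample_users:
        print(user, "->", resolve_login(user))
    print("on a fallback profile:", users_on_fallback(sample_users))
```

Running the audit helper over the directory's user list shows which accounts inherit a broad profile rather than one you configured for them.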