2.1.1 Authenticating users
User authentication functionality enables you to verify login requests from a viewer (such as JP1/IM - View or JP1/AJS - View) to a manager (such as JP1/IM Manager or JP1/AJS - Manager), and configure and manage what types of operation each JP1 user can perform for JP1 resources, that is, jobs, jobnets, and other resources handled by JP1. You can use the JP1/Base authentication server for centralized management of access and operating permissions for JP1 resources.
For details on when each viewer connects to the authentication server, see the manual for each JP1 product that performs user authentication via JP1/Base.
- Organization of this subsection
(1) Login authentication
Login authentication prevents unauthorized access when users log in from a viewer such as JP1/IM - View or JP1/AJS - View. JP1/Base checks whether the login user matches a registered JP1 user name and password. Usually, JP1 user names and passwords are registered on the authentication server, and login authentication is performed on the authentication server.
In Windows, by linking with a directory server, the directory server can be used to authenticate logins. For details on login authentication by linking with a directory server, see 2.1.4 Login authentication by linking with a directory server.
(2) Managing operating permissions for JP1 resources
There would be a security problem if all JP1 login users could perform all types of operations on JP1 resources in the system. Therefore, JP1 user access permissions and operating permissions for JP1 resources must be controlled for each user.
The JP1 resources each JP1 user can access is specified for a JP1 resource group.
For example, JP1/AJS classifies jobs, jobnets, and other JP1 resources into several groups, called JP1 resource groups. JP1/IM handles settings for JP1/IM as JP1 resource groups.
The types of operation granted to JP1 users permitted to access JP1 resource groups are specified as a JP1 permission level.
(3) Example of user authentication
The following figure shows an example of user authentication where the JP1 user jp1user1 logs in to JP1/AJS - Manager:
|
|
![[Figure]](GRAPHICS/ZU010100.GIF)
On the manager host, specify which of the hosts running JP1/Base is to be the authentication server beforehand. The authentication server can be any host that runs JP1/Base. If you specified a different host as the authentication server, the other host will be requested to authenticate users.
The following figure shows an example of user authentication when a user logs in to both the host that is the authentication server and a host that is not the authentication server.
|
|
![[Figure]](GRAPHICS/ZU010200.GIF)