Hitachi

JP1 Version 12 JP1/Base User's Guide


2.1.1 Authenticating users

User authentication functionality enables you to verify login requests from a viewer (such as JP1/IM - View or JP1/AJS - View) to a manager (such as JP1/IM Manager or JP1/AJS - Manager), and configure and manage what types of operation each JP1 user can perform for JP1 resources, that is, jobs, jobnets, and other resources handled by JP1. Information on accessibility to JP1 resources or operating permission is called JP1 authentication information. The JP1 authentication information is managed and controlled as a set for each JP1 user on an authentication server.

For details on when each viewer connects to the authentication server, see the manual for each JP1 product that performs user authentication via JP1/Base.

(1) User authentication

User authentication prevents unauthorized access when users log in from a viewer such as JP1/IM - View or JP1/AJS - View. JP1/Base checks whether the login user matches a registered JP1 user name and password. Usually, JP1 user names and passwords are registered on the authentication server, and user authentication is performed on the authentication server.

In Windows, you can link with a directory server and use the directory server for user authentication. For details on user authentication by linking with a directory server, see 2.1.4 User authentication by linking with a directory server.

(2) Managing operating permissions for JP1 resources

There would be a security problem if all JP1 login users could perform all types of operations on JP1 resources in the system. Therefore, JP1 user access permissions and operating permissions for JP1 resources must be controlled for each user.

The JP1 resources that each JP1 user can access are specified for a JP1 resource group.

For example, JP1/AJS classifies jobs, jobnets, and other JP1 resources into several groups, called JP1 resource groups. JP1/IM handles settings for JP1/IM as JP1 resource groups.

The types of operation granted to JP1 users permitted to access JP1 resource groups are specified as a JP1 permission level.

(3) Password policy-based management

When an attempt is made to register a JP1 user or to change a JP1 user's password, a check is performed to verify if the set password is in line with the password policy. This helps maintain a high level of security by preventing users from registering weak passwords and by reducing the risk of unauthorized access to JP1.

The following table describes the items set in the password policy.

| Set item | Range |
|---|---|
| Minimum number of characters | 6 to 32 bytes |
| Minimum number of character types | One to four character types or special character types: numbers, uppercase alphabetic characters, lowercase alphabetic characters, symbols (those that can be used in JP1 users' passwords) |

To apply and use a more advanced password policy, link with a directory server (Active Directory) and set a password policy offered by the directory server.
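The policy check described in this subsection can be sketched as follows. This is an added example, not Hitachi's code: the names PasswordPolicy and check_password are hypothetical, byte length is assumed to be counted in UTF-8, and ALLOWED_SYMBOLS is a placeholder because this page does not list the symbols JP1 accepts.

```python
import string
from dataclasses import dataclass

# Assumption: placeholder symbol set. Replace it with the symbols that the
# product documents as usable in JP1 users' passwords.
ALLOWED_SYMBOLS = set("!#$%&'()*+,-./;<=>?@[]^_`{|}~")

# The four character types named in the password policy table.
CLASSES = {
    "numbers": set(string.digits),
    "uppercase": set(string.ascii_uppercase),
    "lowercase": set(string.ascii_lowercase),
    "symbols": ALLOWED_SYMBOLS,
}

@dataclass(frozen=True)
class PasswordPolicy:
    min_bytes: int  # "Minimum number of characters": 6 to 32 bytes
    min_types: int  # "Minimum number of character types": 1 to 4

    def __post_init__(self):
        # Reject policy settings outside the ranges given in the table.
        if not 6 <= self.min_bytes <= 32:
            raise ValueError("min_bytes must be between 6 and 32")
        if not 1 <= self.min_types <= 4:
            raise ValueError("min_types must be between 1 and 4")

def check_password(password, policy):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    # The range is stated in bytes, so a multi-byte character counts more
    # than once (assumption: UTF-8 encoding).
    size = len(password.encode("utf-8"))
    if size < policy.min_bytes:
        problems.append(f"too short: {size} bytes < {policy.min_bytes}")
    used = {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}
    if len(used) < policy.min_types:
        problems.append(
            f"too few character types: {len(used)} < {policy.min_types}")
    return problems

if __name__ == "__main__":
    policy = PasswordPolicy(min_bytes=8, min_types=3)
    # Constructed sample passwords, checked at registration or change time.
    for candidate in ("Summer2024", "password", "abc12"):
        print(candidate, check_password(candidate, policy) or "accepted")
```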

(4) Example of user authentication

The following figure shows an example of user authentication where the JP1 user jp1user1 logs in to JP1/AJS - Manager:

Figure 2‒1: Example of user authentication

[Figure]

On the manager host, specify beforehand which of the hosts running JP1/Base is to be the authentication server. The authentication server can be any host that runs JP1/Base. If you specify a different host as the authentication server, that host will be requested to authenticate users.

The following figure shows an example of user authentication when a user logs in to both the host that is the authentication server and a host that is not the authentication server.

Figure 2‒2: Example of user authentication when a user logs in to both the host that is the authentication server and a host that is not the authentication server.

[Figure]