Hitachi

JP1 Version 12 JP1/Base User's Guide


2.1.2 User authentication block

A group of hosts that references the same authentication server when authenticating users is called a user authentication block. A user authentication block indicates a range of hosts managed by the same authentication server. To build a user authentication block, specify the same authentication server on each host where a manager product (such as JP1/IM - Manager or JP1/AJS - Manager) has been installed.

The following example applies to both JP1/IM and JP1/AJS:

Usually, user authentication is required when you connect from JP1/IM - View to JP1/IM - Manager or from JP1/AJS - View to JP1/AJS - Manager. However, suppose you log in from JP1/IM - View to JP1/IM - Manager and call the JP1/AJS - View monitor window from JP1/IM - View to connect to JP1/AJS - Manager on another host. In this case, login is not required if the following hosts belong to the same authentication block: the host to which JP1/AJS - View connects, and the host where you have logged in with JP1/IM - View. If the host to which JP1/AJS - View connects is not located in the same authentication block as the host where you have logged in with JP1/IM - View, you must log in using a JP1 user name registered with the authentication server that manages the host.

(1) Example of user authentication with two user authentication blocks

The following figure shows an example of user authentication where you define two user authentication blocks:

Figure 2‒3: Example of user authentication with two user authentication blocks

[Figure]

(2) Example measures for enhancing the reliability of authentication servers

Authentication servers are important hosts that manage users in the entire system. You should take appropriate measures to prevent operations from being disrupted if the system cannot connect to an authentication server for any reason. The following shows some example measures you can take to enhance the reliability of authentication servers:

Install a secondary authentication server.

You can install a secondary authentication server. If the primary authentication server fails, you can switch to the secondary authentication server to continue operation. For details on the secondary authentication server, see 2.1.3 Secondary authentication server.

Use authentication servers in a cluster system.

JP1/Base supports cluster systems. If you operate an authentication server in a cluster system and the authentication server on the primary node fails, you can switch to the authentication server on the secondary node to continue operation. For details on how to operate an authentication server in a cluster system, see 5. Setting Up JP1/Base for Use in a Cluster System.

Monitor the status of the connections to the authentication servers.

You can monitor the status of the connection to an authentication server. If the system cannot connect to the authentication server due to its failure or a network error, you can detect the status immediately and take corrective action. If JP1/Base cannot connect to an authentication server, it outputs a message to the integrated trace log. Therefore, the log helps you monitor the status of the connection to the authentication server.

When you use a secondary authentication server, JP1/Base can also output a message to the integrated trace log when the connection status of an authentication server is changed automatically, and can issue that message as a JP1 event. For details on how to issue a JP1 event indicating the blocked status of the authentication server, see 4. Setup for Handling Possible Errors in JP1/Base.