4 4 3:Configuring Database-Based Authentication
Copyright © SEP AG 1999-2018. All rights reserved.
Any form of reproduction of the contents or parts of this manual is allowed only with the express written permission from SEP AG. When compiling and designing user documentation SEP AG uses great diligence and attempts to deliver accurate and correct information. However, SEP AG cannot issue a guarantee for the contents of this manual.
SEP sesam provides different authentication methods that are mutually exclusive: policy-based authentication and database-based authentication (available in version ≥ 4.4.3 Tigon). Only one can be active at any time. By default, policy-based authentication is active.
Activating database-based authentication has to be done via GUI to set the administrator password. Once SEP sesam GUI Server and Client are restarted, the administrator is able to configure the user access rights (based on user type). SEP sesam user types are admin, operator and restore.
- Admin is the only user role with full control over the SEP sesam.
- The Operator monitors the SEP sesam Server backup status.
- The Restore user is only allowed to start restores.
Note that the displayed GUI components depend on the user type. For details on GUI elements, see SEP sesam GUI.
- DB-based authentication requires SEP sesam Server ≥ 4.4.3 Tigon.
- Make sure that the reverse DNS resolution (from IP address to host name) is set up correctly. If the name resolution for the selected host is not correct, the connection to the GUI server fails. For details, see How to check DNS configuration.
Activating database-based authentication in GUI
- In the GUI, from the menu bar select Configuration ‐> Permission Management.
- Click Activate Authentication. Set up the password for the Administrator user; note that this is the only way to set the administrator's password.
- After activating the authentication mode and confirming your action, SEP sesam GUI will restart automatically. You have to restart SEP sesam Client manually for the changes to take effect.
- Log in as an administrator to configure the users and grant them appropriate permissions.
- Under the Users tab, click Create to configure a new user. The Change User window opens.
- Specify a name, password and assign a user to the relevant group, for example, RESTORE.
- A user can be a member of more groups. Under the Groups tab, double-click the relevant group and select or deselect the users to assign them to the respective group or remove them from it.
|When activating database-based authentication via GUI, parameter authEnabled is changed to true in the sm.ini file. Setting the flag to false enables policy-based authentication and deactivates database-based authentication.|
Deactivating database-based authentication
- In the GUI, from the menu bar select Configuration ‐> Permission Management -> tab Activation.
- Click Deactivate Authentication.
- After deactivating the authentication mode and confirming your action, SEP sesam GUI will restart automatically. You have to restart SEP sesam Client manually for the changes to take effect.
- Now policy-based authentication is enabled and the flag authEnabled is set to false in the sm.ini file.