Exit Print View

Oracle Secure Global Desktop Administration Guide for Version 4.6

Previous Next

Document Information

Preface

1.  Networking and Security

2.  User Authentication

Secure Global Desktop Authentication

User Identity

User Profile

System Authentication Mechanisms

Password Expiry

Security and Passwords

Active Directory Authentication

How Active Directory Authentication Works

Setting Up Active Directory Authentication

Preparing for Active Directory Authentication

Configuring SGD for Kerberos Authentication

How to Enable Active Directory Authentication

Anonymous User Authentication

How Anonymous User Authentication Works

How to Enable Anonymous User Authentication

LDAP Authentication

How LDAP Authentication Works

Setting Up LDAP Authentication

Preparing for LDAP Authentication

How to Enable LDAP Authentication

SecurID Authentication

How SecurID Authentication Works

Setting Up SecurID Authentication

Configuring SGD Servers as Agent Hosts

How to Enable SecurID Authentication

Third-Party Authentication

How Third-Party Authentication Works

Setting Up Third-Party Authentication

How to Enable Third-Party Authentication

SGD Administrators and Third-Party Authentication

Trusted Users and Third-Party Authentication

UNIX System Authentication

How UNIX System Authentication Works

UNIX System Authentication and PAM

How to Enable UNIX System Authentication

Windows Domain Authentication

How Windows Domain Authentication Works

How to Enable Windows Domain Authentication

Passwords, Domains, and Domain Controllers

Tuning Directory Services for Authentication

Filtering LDAP or Active Directory Logins

LDAP Discovery Timeout

Using Service Objects

Password Expiry

LDAP Password Update Mode

Sites

Whitelists

Blacklists

Search Only the Global Catalog

Suffix Mappings

Domain Lists

Lookup Cache Timeout

LDAP Operation Timeout

Active Directory Authentication and LDAP Discovery

Troubleshooting Secure Global Desktop Authentication

Setting Log Filters for Authentication Problems

Denying Users Access to SGD After Failed Login Attempts

Users Cannot Log In to Any SGD Server

Using Shared Accounts for Guest Users

Solaris OS Users Cannot Log in When Security is Enabled

An Ambiguous User Name Dialog Is Displayed When a User Tries to Log in

3.  Publishing Applications to Users

4.  Configuring Applications

5.  Client Device Support

6.  SGD Client and Webtop

7.  SGD Servers, Arrays, and Load Balancing

A.  Global Settings and Caches

B.  Secure Global Desktop Server Settings

C.  User Profiles, Applications, and Application Servers

D.  Commands

E.  Login Scripts

F.  Third-Party Legal Notices

Glossary

Index

Anonymous User Authentication

Anonymous user authentication enables users to log in to SGD without using a user name and password.

As users are anonymous, SGD assigns each anonymous user a temporary user identity. The user identity is only effective while the user is logged in.

Anonymous user authentication is disabled by default.

This section includes the following topics:

How Anonymous User Authentication Works

At the SGD login screen, the user clicks the Log In button, leaving the user name and password blank.

If the user types a user name or a password, the authentication fails and the next authentication mechanism is tried.

If both the user name and the password are blank, the user is authenticated and is logged in.

User Identity and User Profile

As the user does not supply a user name or password when they log in, SGD assigns a temporary user identity. In the SGD datastore, the user identity is in the DNS namespace. In the Administration Console, the user identity is displayed as server:number (anon). On the command line, the user identity is displayed as .../_dns/server/_anon/number.

The profile object System Objects/Anonymous Profile is always used for the user profile. All anonymous users receive the same webtop content.

Application Sessions and Password Cache Entries

Each user logged in anonymously has independent application sessions. The application sessions end automatically when the user logs out even if the application is configured to be always resumable.

All password cache entries belong to the System Objects/Anonymous User Profile object. All anonymous users share the same application server passwords. Anonymous users cannot add or change entries in the password cache. This means that, unless an SGD Administrator has cached application server passwords for them, anonymous users are prompted for a password every time they start an application. Use the Administration Console or the tarantella passcache command to manage application server passwords for the System Objects/Anonymous User Profile object.

How to Enable Anonymous User Authentication

  1. In the Administration Console, display the Secure Global Desktop Authentication Configuration Wizard.

    Go to the Global Settings -> Secure Global Desktop Authentication tab and click the Change Secure Global Desktop Authentication button.

  2. On the Third-Party/System Authentication step, ensure the System Authentication check box is selected.

  3. On the System Authentication - Repositories step, select the Anonymous check box.

  4. On the Review Selections step, check the authentication configuration and click Finish.

Copyright © 2010, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous Next