|
|
|
|
|
Connect Daily has a flexible authentication structure. You can pick the authentication method that makes the most sense for your organization.
Provider |
Requirements |
Benefits |
Drawbacks |
|---|---|---|---|
Plain Text Password |
Database |
Users can have passwords sent via EMail. |
Least secure. Passwords are visible in the database. If Users reuse passwords across applications, this can be an issue. |
MD5 Hash (DEFAULT) |
Database |
More secure. |
Not invulnerable. Passwords stored in database susceptible to dictionary attack. |
Cookie Based Single Signon Authenticator |
External Web Application |
Users can signin to one web application and then be transparently logged into Connect Daily. |
Somewhat complicated to configure. |
LDAP Authentication |
LDAP directory (NDS, OpenLDAP, etc) |
Centralized password repository. User has only one password for network and application. Optionally, directory can be used to control application security. |
More complex to configure and setup. |
LDAP Active Directory Authentication |
Windows 2000 Server or higher w/ Active Directory. MS Certificate Authority Installed |
Same as LDAP. |
Same as LDAP. |
Container Authentication |
Authentication Services provided by servlet container or Web Server |
Single Sign-on between applications. |
|
If your organization is large and has standardized on an LDAP directory service, then we recommend that you use this as the authentication provider for Connect Daily.
The source code for each authentication provider is also in the cdaily-3.4.16/WEB-INF/misc/security directory. If you wish, you can create your own authentication provider that provides login services to Users.
One final thing to note about the LDAP authentication providers: you will still have to add your Users to the Connect Daily database before they can login. If you want to eliminate this step, you will have to override the LDAP provider to create the Users if they do not exist.