Native Authentication

The native platform authentication service allows users to logon to Host On-Demand using the same password as they would to logon to the operating system (Windows NT, AIX or z/OS) where Host On-Demand is active. When a user logs on to Host On-Demand, their password is validated against the system password, rather than a separate Host On-Demand password. This gives the Administrator a single point of control for password administration, and the user a single password to remember.

When a user logs on:

1. The user ID and password are sent to the Host On-Demand service manager.
2. The service manager sends a request for logon information about the user to the LDAP server.
3. The LDAP server returns the requested user information and whether or not the user is configured for native authentication.
4. If the user is configured to use native authentication, the service manager sends the authentication user ID and the password to the operating system for verification. If the user is not configured for native authentication, the service manager compares the password that was entered by the user with the password returned by the LDAP server.

To allow users to have passwords with upper case letters, add LowerCasePasswords = false to the file NSMPROP, located in the install_directory\lib directory. The service manager reads this file at startup and uses the LowerCasePasswords parameter to determine password case. Host On-Demand uses lower case letters by default.

Related Topics

1. Native Authentication requirements
2. Installing the native platform authentication service
3. Starting the native platform authentication service
4. Configuring current users for native authentication
5. Enabling Windows NT users for native authentication