Skip past navigation linksSecure Global Desktop 4.31 Administration Guide > Users and authentication > The UNIX group login authority

The UNIX group login authority

Overview

The UNIX group login authority allows users to log in to Secure Global Desktop if they have UNIX/Linux accounts on the Secure Global Desktop host. All users in the same UNIX/Linux group have the same webtop content.

This login authority is enabled by default.

Logging in

The user types a UNIX/Linux username and password.

Authentication

  1. This login authority checks the username and password against the UNIX/Linux user database.
  2. If the authentication fails, the next login authority is tried.
  3. If the authentication succeeds, the user may log in if the May Log In To Secure Global Desktop attribute for the login profile is checked. If this attribute is cleared, the user may not log in and no further login authorities are tried.

User identity

The identity is always .../_user/UNIX-username.

Login profile

The login authority searches ENS for a person object cn=gid, where gid is the UNIX group ID. If found, this is used as the login profile. If the user belongs to more than one group, the user's primary or effective group is used.

If no person object is found in ENS, the profile object o=Secure Global Desktop System Objects/cn=UNIX User Profile is used.

Emulator sessions and password cache entries

Emulator sessions and password cache entries belong to the UNIX user.

Secure Global Desktop and PAM

Secure Global Desktop supports Pluggable Authentication Modules (PAM). The UNIX group login authority uses PAM for user authentication, account operations and password operations.

When you install Secure Global Desktop, Secure Global Desktop Setup automatically creates PAM configuration entries for Secure Global Desktop by copying the current configuration for the passwd program.

Related topics