How osesm Works

With the osesm security manager, users sign on to MFDS, Enterprise Server Administration, and/or MSS using their Windows username and password.

Note: osesm only supports the Verify operation (user sign-on). It does not do any resource access control (the Auth and XAuth operations). To control access to resources for signed-on users, you will need to configure another ESM module lower in the list for that purpose.

By default osesm first tries to sign a user on locally. If that fails, it does a search in the default domain (in the domain forest, on Windows 2003 and later) and tries again in the first domain where it finds the user. You can specify a different domain to try initially in the security manager configuration.

Note: osesm is limited to the sign-on IDs that Windows normally allows, and therefore it cannot verify a user in a domain that is not trusted by the local system. osesm can authenticate users from any domain that is listed in the Windows sign-on dialog. It cannot authenticate sign-ons of the form username@domain.tld, because the sign-on screens do not support this form.

osesm supports ESF Passtokens, which can be used to automatically pass credentials between MFDS and the Enterprise Server administration UI, if both the directory server and Enterprise Server are configured to use osesm.
