Version 9.6

Configuring the "Internal" Authentication Type


General

The Internal authentication type allows you to authenticate a user against a set of user names and passwords that are maintained in a text file on the CentraSite Registry/Repository. Passwords are stored in SHA-512 hashed format; they cannot be decrypted. All user names and passwords are case-sensitive.

A typical use of such an authentication type would be during the initial set-up and testing of all required CentraSite components. In a production environment, one would typically use a central repository, e.g. Microsoft Active Directory or LDAP, instead of Internal authentication.

The domain name for the Internal authentication type is always "INTERNAL"; this cannot be changed. A user who is registered in the text file can log in using the domain and name "INTERNAL\<UserName>", where <UserName> is the registered user name.

The Internal user repository initially contains one predefined user named "Administrator" with the password "manage". This user logs in using the domain and user name "INTERNAL\Administrator". If your default authentication configuration is the Internal configuration, this user can log in using just the user name "Administrator", without specifying the domain name explicitly.

Warning:
As soon as possible after completing installation, you should change the password that is associated with the user "Administrator"!

The dialog for creating a configuration for Internal authentication (see the section Creating Authentication Configurations) asks for the following values:

Parameter     Description
Domain ID     The domain ID is always "INTERNAL". This cannot be changed.
Expiration    The number of seconds that the user is cached in the server after successful authentication. Changes made to the user, e.g. deletion or password changes, do not take effect until this time has elapsed.


Administration of Users and Passwords for Internal Authentication

CentraSite provides a command line tool ssxtxtpasswd to allow you to perform administration tasks on the internal authentication file, such as adding users, deleting users and changing passwords.

The command line tool is located at <SuiteInstallDir>\common\security\ssx_32\bin\ssxtxtpasswd.exe (Microsoft Windows 32-bit systems) or <SuiteInstallDir>\common\security\ssx_64\bin\ssxtxtpasswd.exe (Microsoft Windows 64-bit systems) or <SuiteInstallDir>/common/security/ssx/bin/ssxtxtpasswd (UNIX).

The text file is located at <SuiteInstallDir>/common/conf/users.txt (Microsoft Windows and UNIX).

The usage of the command line tool is as follows:

   ssxtxtpasswd [-f filename] [-c] [-p password] [-d] UserId 

The following example prompts the user to enter the password. The password is not echoed as it is typed in.

   ssxtxtpasswd -f <SuiteInstallDir>/common/conf/users.txt <UserID>

If the user name already exists, the password will be replaced. If the user name does not already exist, a new entry with the given user name and password will be added.

The parameter -c creates the file for the repository, if it does not already exist. If -c is omitted and the file does not exist, an error is returned. The -c and -d parameters are mutually exclusive.

With "-p password", a password can be provided directly in the command line. This is mainly for scripting purposes, and prevents the tool from prompting for the password.

Warning:
Be careful when writing scripts that use the ssxtxtpasswd -p parameter. Any script that contains a password in plaintext is a potential security hazard.
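
One way to audit for the hazard described in this warning, as an added example that is not part of the CentraSite documentation or tooling: a shell function that reports scripts passing a literal password to ssxtxtpasswd -p. The function names, the /opt/suite path (standing in for <SuiteInstallDir>), and the sample scripts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): find scripts that hard-code a password
# after "ssxtxtpasswd -p". Values starting with $ or % (shell/batch variable
# expansion) are skipped; any other value is treated as a literal password.
PATTERN="ssxtxtpasswd.*[[:space:]]-p[[:space:]]+[\"']?[^\$%\"'[:space:]]"

# scan_plaintext_p DIR: print "file:line" per hit (never the matched text,
# so the password is not copied into reports); return 1 if anything is found.
scan_plaintext_p() {
    hits=$(grep -rnE "$PATTERN" -- "$1" | cut -d: -f1,2)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# make_sample_dir: constructed sample scripts; /opt/suite stands in for
# <SuiteInstallDir> and the password value is made up.
make_sample_dir() {
    d=$(mktemp -d)
    cat > "$d/bad.sh" <<'EOF'
#!/bin/sh
ssxtxtpasswd -f /opt/suite/common/conf/users.txt -p Example-Pw-1 alice
EOF
    cat > "$d/var.sh" <<'EOF'
#!/bin/sh
ssxtxtpasswd -f /opt/suite/common/conf/users.txt -p "$NEW_PW" alice
EOF
    cat > "$d/prompt.sh" <<'EOF'
#!/bin/sh
ssxtxtpasswd -f /opt/suite/common/conf/users.txt alice
EOF
    printf '%s\n' "$d"
}

# Demo on the constructed samples: only bad.sh line 2 is reported.
sample=$(make_sample_dir)
scan_plaintext_p "$sample" || echo "plaintext -p password found"
rm -rf "$sample"
```

A variable reference after -p is not flagged, but on most systems the expanded value is still visible in the process argument list while the tool runs; the prompting form shown earlier avoids that.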

When "-d" is specified, the user name is removed from the repository. The -c and -d parameters are mutually exclusive.
