Skip to main content
Previous sectionNext section

Authentication Mechanisms

Authentication is the process of verifying the identity of a user attempting to connect to Caché. Once authenticated, a user can communicate with Caché and use its tools and resources. Caché supports several different authentication mechanisms:

  • Kerberos Authentication System — For maximally secure connections, Caché can use the Kerberos protocol to enable users and Caché to identify each other and to ensure the validity of communications within a session. Kerberos provides secure authentication over insecure networks.

  • Operating System Based — Caché can use the operating system's user identity to identify the user. The user authenticates with the operating system using its native authentication system. Caché then obtains the user's operating system level identity when the user attempts to connect. If this information matches a Caché user, authentication succeeds.

  • Caché Login — Caché also provides its own login mechanism. When the user attempts to log in Caché compares the hashed value of the password with the value stored in Caché. If the values match, authentication succeeds.

  • Delegated Authentication — Caché also supports user defined custom authentication mechanisms.

  • Lightweight Directory Access Protocol (LDAP) — Caché supports authentication using LDAP.

In addition, Caché supports two-factor authentication. Two-Factor authentication requires that a user provide a second security token in addition to an initial password. This second token can be secret code generated by Caché and sent by SMS to the user. New with the 2015.2 release, the second token can also be a code generated by a Time-based One-time Password Algorithm (TOTP) app.

Caché also provides the option of allowing users to access Caché unauthenticated. In this mode users can connect to Caché without using any authentication mechanism whatsoever.

Note:

Authorization is the process of determining which Caché resources an authenticated user is allowed to access. Caché provides authorization functionality in addition to its authentication functionality. For more information on user authorization in Caché, read Part Two of this tutorial.