Harvest


Tuesday Tip: Understanding Authentication Options on Unix and Linux


    Broadcom Employee
    Posted Jul 30, 2014 04:05 PM

    For the Harvest SCM Server this article discusses the method that the hserver process uses to authenticate the userids and passwords provided by users when logging into Harvest Workbench, Administrator Tool, Harweb or command line utilities.

     

    For the Harvest SCM Agent this article discusses the method that the agntd process uses to authenticate the userids and passwords used when connecting to the agent (-rusr and -rpw for command line utilities or the “Login Name” and “Password” fields on the Remote Agent Login window in Workbench).

     

    When configuring the Harvest SCM Server or Agent for authentication on a Unix or Linux platform you have 3 choices:

    • “-authmode=internal” – with this setting, the hserver process will search for and authenticate the user based on the information inside the Harvest database.  The agntd process will search for and authenticate the user based on the contents of the Unix/Linux machine’s /etc/passwd file. 

     

    • “-authmode=openldap” – with this setting, Harvest will authenticate userids and passwords directly from your network’s LDAP directory but additional configuration settings are required for this:

    -ldapserver="hostname1[:port1] [hostname2[:port2] [hostname3[:port3]…]"
    Defines one or more host names of the LDAP server.
    -ldapbinddn=distinguished-name
    Defines the distinguished name (DN) used for the initial bind to the LDAP server. For all authentication operations, only the initial DN is used to bind to the LDAP directory.
    -ldapbindpw=password (or -ldapbindpwfile=encryptedpasswordfile.dfo)
    Defines the password for the LDAP distinguished name used for the initial bind. Do not enter spaces.
    -ldapsearchtimeout=seconds
    (Optional) Defines the number of seconds to search for a user in the LDAP directory; for example, when a user attempts to log in to the product.
    -ldapbasedn=base-distinguished-name
    Defines the base distinguished name (DN) used when searching in the LDAP server.
    -ldapfilter=search-filter
    Defines an RFC-2254-compliant search filter for locating a user. For example, when a user attempts to log in to the product, this filter is used to search for the user in the LDAP server.
    -ldapattrusrname=attribute-name
    (Optional) Defines your LDAP server's user attribute name for user name.
    -ldapmode={none|tls|ssl}
    --- other optional parameters might be needed as well.

     

    • “-authmode=pam” – with this setting, login credentials are passed to your Unix/Linux box’s “Pluggable Authentication Module” which *must* be configured by your Unix/Linux System Administrator to correctly complete the authentication for the “hserver” and/or “agntd” processes.  The beauty of the “Pluggable Authentication Module” is that you can create general authentication rules that all applications and services will use, or customize authentication options for specific applications and/or processes.  The details of how to configure the Pluggable Authentication Module vary for the different types of Unix and Linux operating systems, and your System Administrator *must* help to complete this configuration for you.

     

    These settings are found in the argument files for the specific components you want to configure:

     

    For the hserver component the file is named hserver.arg

    For the agntd component the file is named hagent.arg

     

    More details about authentication options can be found in the Harvest SCM Implementation Guide.
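
The following is an added example, not part of the original post and not code shipped with Harvest SCM: a small Python check that reads the text of an hserver.arg or hagent.arg file and reports gaps in the authentication options described above. It assumes one `-name=value` option per line and treats the LDAP options the post does not mark "(Optional)" as required; the sample file content, host names and DNs are constructed.

```python
import re

# Assumption: LDAP options the post does not mark "(Optional)" are treated as required.
REQUIRED_LDAP = ("ldapserver", "ldapbinddn", "ldapbasedn", "ldapfilter")

def parse_arg_file(text):
    """Map option name -> value. Assumes one -name=value option per line."""
    opts = {}
    for line in text.splitlines():
        m = re.match(r"\s*-(\w+)=(.*)$", line)
        if m:
            opts[m.group(1).lower()] = m.group(2).strip().strip('"')
    return opts

def audit(text):
    """Return a list of findings for the authentication options in an arg file."""
    opts = parse_arg_file(text)
    mode = opts.get("authmode", "").lower()
    if mode not in ("internal", "openldap", "pam"):
        return ["authmode: not set or not one of internal, openldap, pam"]
    if mode != "openldap":
        return []  # internal and pam need none of the -ldap* options
    findings = [f"{name}: required for openldap but not set"
                for name in REQUIRED_LDAP if not opts.get(name)]
    if "ldapbindpw" in opts:
        findings.append("ldapbindpw: bind password is readable in the arg file; "
                        "use -ldapbindpwfile instead")
    elif not opts.get("ldapbindpwfile"):
        findings.append("ldapbindpw/ldapbindpwfile: no bind password configured")
    ldapmode = opts.get("ldapmode", "").lower()
    if ldapmode == "":
        findings.append("ldapmode: not set; check which mode the product defaults to")
    elif ldapmode == "none":
        findings.append("ldapmode: none selects neither tls nor ssl for the LDAP connection")
    elif ldapmode not in ("tls", "ssl"):
        findings.append(f"ldapmode: unknown value {ldapmode!r}")
    return findings

# Constructed sample input, not taken from a real installation.
SAMPLE = """\
-authmode=openldap
-ldapserver="ldap1.example.com:389 ldap2.example.com:389"
-ldapbinddn=cn=harvest-bind,ou=services,dc=example,dc=com
-ldapbindpw=CONSTRUCTED-PASSWORD
-ldapbasedn=dc=example,dc=com
-ldapmode=none
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Because the arg file can hold the bind password, checking its ownership and permissions alongside these findings is worthwhile.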