Overview

User authentication can take place using any of the following options:

• Using Helix Authentication Service in conjunction with an identity provider (IdP)

• LDAP authentication against an Active Directory or LDAP server that is accessed according to an LDAP specification. Enabling this option disables trigger-based authentication.

• Against Helix Server’s internal user database, db.user. This option allows plain-text password-based authentication. It is described in Authentication with password and ticket .

• Against an authentication server, using an authentication trigger. These types of triggers are useful if you need to authenticate users against a non-standard authentication server. Authentication triggers fire when the p4 login or p4 passwd commands execute. This option is described in the section Triggering to use external authentication.

The authentication server you choose is used for user definitions, user authentication (passwords), group definitions, license details, and ticket generation.

Authentication is configured on a per-user basis (except for trigger-based authentication): for each user, you can specify what method should be used for authentication. Some options are mutually exclusive: enabling configuration-based LDAP authentication turns off trigger-based authentication. However, you can have some users authenticate using LDAP, while others authenticate against Helix Server’s internal user database. For more information, see Defining authentication for users.

When logging in using either authentication method, Helix Server encrypts the password before passing it to the specified authentication agent.