Services containing personal user data, or consuming a lot of resources, are limited to registered users. In order to do this, each user has one or more accounts associated with services. To user certain services a user needs to authenticate using their credentials : a login (username) and password (secret phrase). Accounts may also contain general user information and specific configuration parameters.
Each user begins with at least one account in the central user database, the master account, containing credentials to access most services. This account is only deleted when the user leaves.
As the central database is a LDAP database, the master account is often called a LDAP Account.
Account Requirement for Services
On each service description an Account field may have the following values:
- none: no account is needed to access this service
- Global: this service uses the central user database, which means you don't have to remember lots of credentials but only those associated with your master account
- Local: this service is either considered not secure enough or is not able to use the central database, and specific credentials are needed; when you update your master account password, the local password remains unchanged and needs to be updated separately
Security sensitive services won't use basic credentials but either:
- an RSA/DSA key (like for SSH)
- or a GPG key (like for signed mails)
This will be advertised in the service description.