AccountType: Difference between revisions

From DcUsers
(Created page with "Services containing personal user data, or consuming a lot of resources, are limited to registered users. In order to do this, each user has one or more accounts associated with …")
 
No edit summary
 
Line 1: Line 1:
== Introduction ==

Services containing personal user data, or consuming a lot of resources, are limited to registered users. In order to do this, each user has one or more accounts associated with services. To user certain services a user needs to authenticate using their credentials : a login (username) and password (secret phrase). Accounts may also contain general user information and specific configuration parameters.
Services containing personal user data, or consuming a lot of resources, are limited to registered users. In order to do this, each user has one or more accounts associated with services. To user certain services a user needs to authenticate using their credentials : a login (username) and password (secret phrase). Accounts may also contain general user information and specific configuration parameters.


Each user begins with at least one account in the central user database, the ''master account'', containing credentials to access most services. This account is only deleted when the user leaves.
Each user begins with at least one account in the central user database, the ''master account'', containing credentials to access most services. This account is only deleted when the user leaves.

As the central database is a LDAP database, the master account is often called a ''LDAP Account''.

== Account Requirement for Services ==


On each service description an ''Account'' field may have the following values:
On each service description an ''Account'' field may have the following values:
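Review bot: the Introduction paragraph carried through this hunk unchanged still reads "To user certain services" and has a stray space in "credentials :". Since the revision already touches this section to add the heading, fix it to "To use certain services" in the same edit, and write "an LDAP database" and "an LDAP Account" in the sentence that was moved up under the master account paragraph.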
Line 8: Line 14:
* ''Local'': this service is either considered not secure enough or is not able to use the central database, and specific credentials are needed; when you update your master account password, the local password remains unchanged and needs to be updated separately
* ''Local'': this service is either considered not secure enough or is not able to use the central database, and specific credentials are needed; when you update your master account password, the local password remains unchanged and needs to be updated separately


== Alternate Authentication ==
As the central database is a LDAP database, the master account is often called a ''LDAP Account''.

Security sensitive services won't use basic credentials but either:
* an RSA/DSA key (like for SSH)
* or a GPG key (like for signed mails)

This will be advertised in the service description.
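Review bot: the new Alternate Authentication section does not say which Account value (none, Global or Local) a key-based service shows in its description. It also does not say whether changing the master account password has any effect on access to such a service, which the Local entry does spell out for local passwords. Suggest one sentence tying key-based services to the Account field, so that a reader of a service description knows which credential to manage.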

Latest revision as of 23:11, 26 January 2012

Introduction

Services containing personal user data, or consuming a lot of resources, are limited to registered users. In order to do this, each user has one or more accounts associated with services. To use certain services, a user needs to authenticate using their credentials: a login (username) and password (secret phrase). Accounts may also contain general user information and specific configuration parameters.

Each user begins with at least one account in the central user database, the master account, containing credentials to access most services. This account is only deleted when the user leaves.

As the central database is an LDAP database, the master account is often called an LDAP Account.

Account Requirement for Services

On each service description an Account field may have the following values:

  • none: no account is needed to access this service
  • Global: this service uses the central user database, which means you don't have to remember lots of credentials but only those associated with your master account
  • Local: this service is either considered not secure enough or is not able to use the central database, and specific credentials are needed; when you update your master account password, the local password remains unchanged and needs to be updated separately

Alternate Authentication

Security-sensitive services won't use basic credentials but either:

  • an RSA/DSA key (like for SSH)
  • or a GPG key (like for signed mails)

This will be advertised in the service description.