Guide to Pharos Authentication

When setting up the Pharos system, you must determine how users will be authenticated, i.e. how they will log on to use Pharos services. Several options are available, including:

  • Authentication against the Pharos Database, using the logon details (Logon ID and Password) specified in the User Accounts.
  • Authentication against an existing network using a plug-in. Plug-ins are available for authenticating users against an Active Directory domain, a Novell NetWare Directory Service or an LDAP-compliant authentication service.

    The Pharos LDAP Logon Plug-in is a separately chargeable component. Contact your Pharos Authorized Reseller to obtain this Plug-in.

  • Authentication against an external authentication service using a Pharos Logon Gateway. Pharos can interface with an existing third-party logon system via a Gateway, so that users are authenticated against their logon details in the third-party system.
  • No user authentication. It is possible to set up the Pharos system so that users are not required to authenticate themselves. This makes it difficult to charge users, however, and has security implications, as users may have access to others' print jobs, which they could print or delete. (One way around this is to use Pharos Popups to attach a password to each job.)

Details of the authentication system used are stored in the Pharos Database as a Pharos Bank. A Bank is a set of instructions for how to authenticate (and charge) users, which is attached to Print Services and Pharos Stations. Select the Bank that specifies the authentication method you are using, or set up a new one based on your needs.

Pharos Authentication

Authentication against Pharos verifies that the user of a resource either is the person paying for the usage or is allowed to charge resource use to a selected Charging Model and Cost Center, in the case of Third Party Charging.

Authentication against Pharos can be implicit or explicit. For example, when Pharos Uniprint is configured to charge the cost of print jobs to a cash card at the Pharos Station, authentication is implied by the fact that the user owns the cash card they insert into the card reader. If Pharos Uniprint is configured to charge the cost of print jobs to a user account in the Pharos accounting module, the user must enter their user name and password at the Pharos Station in order to release a print job, which is an explicit authentication step. In Pharos the user name is called the Logon ID.

Network Authentication

To use networked resources, a user must gain access to them via a Network Authentication step. In general, most networks fall into one of two categories: authenticated and non-authenticated.

In an authenticated network, all users have a unique user account, and are required to use a user name and password to log on to workstations. In a non-authenticated network, workstations are automatically logged on to the network and any user with access to the building may use them. It is common in a non-authenticated network to have workstations automatically logged on to the network using the name of the workstation and a blank password, or have users log on with a common, widely known user name and password.

In general, an authenticated network allows Network Administrators to configure access privileges on networked resources differently between users and groups of users, but has the administrative overhead of maintaining a potentially large number of user accounts. A non-authenticated network removes this administrative overhead, but gives all users the same set of access privileges.

Use the Pharos Active Directory Logon Plug-in to authenticate users against a Windows Active Directory domain.

Use the Pharos NDS Logon Plug-in to authenticate users against a Novell NetWare Directory Service.

Pharos offers the Pharos LDAP Logon Plug-in for authenticating against an LDAP system. This plug-in is a separately chargeable component. Contact your Pharos Authorized Reseller to obtain this plug-in.

Integration

Pharos has been designed to integrate with an existing network environment. The choice of how to configure the Pharos accounting system is often related to the authenticated/non-authenticated nature of the network.

When installing Pharos into an authenticated network, it is common to import user accounts into the Pharos database, and charge users for resource usage against their network user name. Where an external form of payment is required, such as debit cards, the use of plug-ins ensures that users use the same user name and password at the Pharos Station as they do for their network logon.

When installing Pharos into a non-authenticated network, it may be simpler to introduce debit cards to pay for the use of network resources than to introduce user accounts to which to charge the cost of resource usage. Where billing to a user account is required, user accounts can be entered into the Pharos database without the need for network user accounts. In this case every user is given a user name and password to access the Pharos system only: for releasing print jobs, making reservations, and logging on to reserved workstations.

Workstation Logon

When using Pharos SignUp, the use of SignUp-controlled workstations must be recorded against an account in the Pharos database. The user is prompted to log on to the SignUp-controlled workstation. The user name and password used in this logon must be validated against the Pharos database.

In an authenticated network, Logon and ChangePassword Plug-ins must be used so that the user name and password entered by the user are also used to log the workstation on to the network. If Plug-ins are not used to pass the user name/password validation through to the network operating system, the Pharos and network passwords may get out of sync, and one of the authentication steps will fail.

In a non-authenticated network, the user name and password used to log the workstation on to the network can be different from the Pharos user name and password. The user name and password are configured to be a common user name and password for all workstations, through the use of Environments.

 