User Authentication - DSS 6 | Data Source Solutions Documentation
User Authentication
This section lists and describes the methods supported for authenticating the DSS Hub Server user and DSS Agent user. In Data Source Solutions DSS, users typically refer to individuals who interact with the DSS Hub and DSS Agent. Access to the DSS Hub and DSS Agent is managed through user accounts and a user permissions system. A user account consists of a username and password used for authentication.
You can set the authentication method for a user only during user creation in DSS. When you create a user, they are added to the DSS repository.
You cannot change the authentication method of a user after the user is created. To use a different authentication method, you must delete and recreate the user.
By default, all user authentication methods in DSS require the user to exist in the DSS repository before authentication can proceed. However, when user provisioning is enabled, users who do not exist in the repository are automatically added after they successfully log in using an external authentication method (such as PAM, Plugin, SAML, or Windows).
To manually add a user in DSS, use one of the following options in the DSS UI or command-line interface (CLI):
- For DSS Hub users, use the Add User option in the DSS UI or the dssuserconfig command (options -A, -c) in the CLI.
- For DSS Agent users, use the Add User option in the DSS UI or the dssagentuserconfig command (options -A, -c) in the CLI.
User Authentication Methods
The following user authentication methods are available in DSS:
Kerberos
The user is authenticated using the Kerberos authentication method. To use this authentication method, Kerberos must be configured on the user's machine or network.
This authentication method is applicable only for authenticating the DSS Agent user on Linux and Solaris systems. Moreover, this authentication method is supported only when the DSS Hub Server is running on Linux.
Local
The user is authenticated using the username and password of a local user. In this authentication method, the user account credentials are created and stored locally in the DSS system.
PAM
The user is authenticated using the username and password of a user available in the Pluggable Authentication Module (PAM). PAM is a service that validates user credentials on Linux and Unix systems, serving as an alternative to the traditional local (username/password) authentication (e.g., checking the /etc/passwd file).
To use this authentication method, PAM must be configured on the user's machine or network. In this authentication method, DSS uses the PAM authentication service to authenticate a user on Linux and Unix systems.
The default PAM authentication service used is login. To use a different PAM service, you must configure the PAM Authentication Settings using the DSS UI or CLI:
- For DSS Hub users, use the PAM Authentication Settings option in the DSS UI or the dssreposconfig command in the CLI.
- For DSS Agent users, use the Advanced Authentication Options for PAM in the DSS UI or the dssagentconfig command in the CLI.
This authentication method is applicable only for authenticating the DSS Hub and DSS Agent users on Linux and Unix systems.
Plugin
The user is authenticated using a custom authentication plugin. In this authentication method, DSS allows you to supply your own plugin for authenticating users. The custom plugin file must be named dssauth and saved in the DSS_CONFIG/plugin/authentication/ directory. An example of a custom authentication plugin can be found in the DSS_HOME/plugin_examples/authentication/ directory.
The plugin must follow these simple call conventions:
- It should read a two-line input that contains a username and password.
- It should exit with code 0 if the username and password are valid. Otherwise, it should exit with code 1.
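The call conventions above, as an added example (this is not the example shipped in DSS_HOME/plugin_examples/authentication/ and not DSS code): a Python script that could be saved as dssauth. It assumes the two lines arrive on standard input; the user store, salt, and iteration count are constructed for illustration.

```python
#!/usr/bin/env python3
"""Sketch of a dssauth-style plugin: two-line input in, exit code 0 or 1 out."""
import hashlib
import hmac
import sys

ITERATIONS = 200_000  # PBKDF2 work factor (assumed value for this example)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

# Constructed sample store: username -> (salt, PBKDF2 hash). A real plugin would
# query its own backend (directory, database, API) and never hold plaintext.
_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USERS = {"alice": (_SALT, hash_password("correct horse battery staple", _SALT))}
# Dummy entry so unknown usernames cost the same hashing work as known ones.
_DUMMY = (_SALT, hash_password("dummy", _SALT))

def parse_input(raw: str):
    """Return (username, password), or None unless the input is exactly two lines."""
    lines = raw.split("\n")
    if lines and lines[-1] == "":
        lines.pop()  # tolerate a single trailing newline
    if len(lines) != 2:
        return None
    username, password = (line.rstrip("\r") for line in lines)
    if not username or not password:
        return None
    return username, password

def authenticate(raw: str) -> int:
    """Exit code for the given input: 0 = valid credentials, 1 = anything else."""
    creds = parse_input(raw)
    if creds is None:
        return 1
    username, password = creds
    salt, expected = USERS.get(username, _DUMMY)
    candidate = hash_password(password, salt)
    # Constant-time comparison; the membership check rejects the dummy entry.
    ok = hmac.compare_digest(candidate, expected) and username in USERS
    return 0 if ok else 1

if __name__ == "__main__":
    try:
        code = authenticate(sys.stdin.read())
    except Exception:
        code = 1  # fail closed: any error (bad encoding, backend failure) denies access
    sys.exit(code)
```

The script never echoes or logs the password, and malformed input (missing line, extra line, empty field) is rejected with exit code 1 rather than being partially parsed.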
SAML
Since v6.2.5/2
The user is authenticated by a third-party identity provider using SAML 2.0. To use this authentication method, you must configure SSO for the DSS Hub.
Windows
The user is authenticated using a username and password of the Windows user available in the Active Directory (AD). In this authentication method, DSS uses the Windows user account to authenticate a user.
This authentication method is applicable only for authenticating the DSS Hub and DSS Agent users on Windows systems.