Source:Troubleshooting Authentication

From SEPsesam
Revision as of 19:07, 21 March 2022 by Unknown (talk | contribs) (Updating to match new version of source page)

Welcome to the latest SEP sesam documentation version 5.0.0 Jaglion. For previous documentation version(s), check documentation archive.


Troubleshooting SEP sesam authentication

After updating to SEP sesam version 5.0.0.x, no user other than the special user administrator (Windows) or root (Linux) is elevated to superuser

Problem

  • After updating SEP sesam to version ≥ 5.0.0 Jaglion, the GUI complains that superuser rights are required, but only administrator rights are listed for this GUI user. The administrator user is not elevated to superuser and access to the GUI is not possible without authentication.

Cause

  • This is the normal behavior for Java policy authentication. After the initial installation of SEP sesam, no users other than the superuser are configured. As the name implies, the permissions of the superuser account are unrestricted. As of 5.0.0 Jaglion, the superuser is the only user type with full control over the SEP sesam environment. It is automatically assigned exclusively to the Administrator user when database-based authentication is enabled. If policy-based authentication is enabled, this user type with superuser rights is assigned to Administrator (on Windows and Linux), root (Linux only) and sesam user. For more details, see User Roles and Permissions and About Authentication and Authorization.

Solution
If you use policy-based authentication (sm_java.policy) and log in from localhost, you can still gain superuser rights if your username is not listed in sm_java.policy. This is possible if the localFullAccess parameter is enabled (set to true in the <SESAM_ROOT>/var/ini/sm.ini file). There is no such workaround for database-based authentication, as only Administrator (on Windows and Linux) and root (Linux only) can become superuser.
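Because localFullAccess gives superuser rights to local logins that are not listed in sm_java.policy, it is worth confirming where the parameter is active. The following check is an added example, not SEP sesam code: it assumes sm.ini uses plain key=value lines with # or ; comments, and the section name in the sample is a placeholder.

```python
import re
import sys

# Matches "key = value" lines; the key name comes from the page, the
# key=value layout of sm.ini is an assumption of this example.
_KV = re.compile(r"^\s*([^#;\[=\s][^=]*?)\s*=\s*(.*?)\s*$")
_SECTION = re.compile(r"^\s*\[([^\]]+)\]\s*$")


def find_local_full_access(ini_text):
    """Return [(line_no, section, raw_value)] for every active occurrence."""
    hits, section = [], None
    for no, line in enumerate(ini_text.splitlines(), 1):
        m = _SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = _KV.match(line)  # comment lines (# or ;) never match
        if m and m.group(1).lower() == "localfullaccess":
            hits.append((no, section, m.group(2)))
    return hits


def audit(ini_text):
    """'enabled' if any active occurrence is true, else 'disabled' or 'unset'."""
    hits = find_local_full_access(ini_text)
    if not hits:
        return "unset"
    # Conservative: with duplicates we do not know which one the server
    # honours, so a single 'true' is enough to flag the file.
    if any(v.strip("\"'").lower() == "true" for _, _, v in hits):
        return "enabled"
    return "disabled"


# Constructed sample, not a real sm.ini; the section name is a placeholder.
SAMPLE = """\
[EXAMPLE_SECTION]
# localFullAccess=false
LocalFullAccess = TRUE
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for no, section, value in find_local_full_access(text):
        print(f"line {no} [{section}] localFullAccess={value}")
    print("localFullAccess:", audit(text))
```

Run it with the path to <SESAM_ROOT>/var/ini/sm.ini as the only argument; without an argument it evaluates the constructed sample.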

See also

  • About Authentication and Authorization
  • Configuring Database-Based Authentication
  • Configuring LDAP/AD Authentication
  • Configuring Policy-Based Authentication
  • Configuring Certificate-Based Authentication
  • User Roles and Permissions
  • Using Access Control Lists