Jump to content

is Ext Auth my best option?


This topic is 5604 days old. Please don't post here. Open a new topic instead.

Recommended Posts

I'm currently re-developing a integrated 20-database solution from FMP6 to FMP8 for use on a central server. My current head-scratching is due to the question, "What should I do about user accounts?" I've been doing a bunch of reading (i.e. the Technology Brief on Filemaker Server External Authorization) and am thinking Ext Auth will not be my solution. From what I understand, Ext Auth has to do with authorization of network OS accounts, correct? Why I don't think it'll work:

Originally, the databases were contained on a Mac OSX server running FMS5 (not sure if the new software will be FMS8 or FMSA8) and accessed by any one of four computers over the network. The computers are permanently (auto-) logged in so the users do not have unique OSX accounts (20 users).

The way I had the FMP6 version set up was with a staff list database (Staff_List.fp5) that had a username/password per record ("account"). The user opened a Login.fp5 database and entered their username/password; then it authenticated by a script. The Login.fp5 database then logged in to the main menu using the appropriate one of four Staff_List.fp5 database-authenticated accounts. This gave the four levels of control needed.

Now, what I seem to understand about Server Ext Auth is that it authenticates to the network accounts of which the user logs onto their computer. Correct? So if I understand that correctly, I take it that that solution will not work for me.

So should I continue my Staff_List.fp5 database method and have it ReLogin() using one of the four appropriate "Filemaker Authenticated" accounts?

Thanks for your help!

Edited by Guest
Link to comment
Share on other sites

o should I continue my Staff_List.fp5 database method and have it ReLogin() using one of the four appropriate "Filemaker Authenticated" accounts?

No. This is very insecure and can be easily hacked.

As decribed in the tech brief, set up groups in your database and matching groups locally on the Server or in Open Directory or Active Directory.

Place the Accounts into the directory service. When a user authenticates his or her access to the database will be controlled by the Group. That way the databse files has no Accounts other than one [Full Access] Account. Do not authenticate a [Full Access] Account externally.

HTH

Steven

Link to comment
Share on other sites

Now, what I seem to understand about Server Ext Auth is that it authenticates to the network accounts of which the user logs onto their computer. Correct? So if I understand that correctly, I take it that that solution will not work for me.

The external accounts & groups don't have to be network accounts. You can create those on the FMS machine itself if you have on Open Directory or Active Directory running.

Link to comment
Share on other sites

This topic is 5604 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.