is Ext Auth my best option?

[gephry]

I'm currently re-developing a integrated 20-database solution from FMP6 to FMP8 for use on a central server. My current head-scratching is due to the question, "What should I do about user accounts?" I've been doing a bunch of reading (i.e. the Technology Brief on Filemaker Server External Authorization) and am thinking Ext Auth will not be my solution. From what I understand, Ext Auth has to do with authorization of network OS accounts, correct? Why I don't think it'll work:

Originally, the databases were contained on a Mac OSX server running FMS5 (not sure if the new software will be FMS8 or FMSA8) and accessed by any one of four computers over the network. The computers are permanently (auto-) logged in so the users do not have unique OSX accounts (20 users).

The way I had the FMP6 version set up was with a staff list database (Staff_List.fp5) that had a username/password per record ("account"). The user opened a Login.fp5 database and entered their username/password; then it authenticated by a script. The Login.fp5 database then logged in to the main menu using the appropriate one of four Staff_List.fp5 database-authenticated accounts. This gave the four levels of control needed.

Now, what I seem to understand about Server Ext Auth is that it authenticates to the network accounts of which the user logs onto their computer. Correct? So if I understand that correctly, I take it that that solution will not work for me.

So should I continue my Staff_List.fp5 database method and have it ReLogin() using one of the four appropriate "Filemaker Authenticated" accounts?

Thanks for your help!

Edited July 26, 2006 by Guest

[Steven H. Blackwell]

o should I continue my Staff_List.fp5 database method and have it ReLogin() using one of the four appropriate "Filemaker Authenticated" accounts?

No. This is very insecure and can be easily hacked.

As decribed in the tech brief, set up groups in your database and matching groups locally on the Server or in Open Directory or Active Directory.

Place the Accounts into the directory service. When a user authenticates his or her access to the database will be controlled by the Group. That way the databse files has no Accounts other than one [Full Access] Account. Do not authenticate a [Full Access] Account externally.

HTH

Steven

[Wim Decorte]

Now, what I seem to understand about Server Ext Auth is that it authenticates to the network accounts of which the user logs onto their computer. Correct? So if I understand that correctly, I take it that that solution will not work for me.

The external accounts & groups don't have to be network accounts. You can create those on the FMS machine itself if you have on Open Directory or Active Directory running.