solidDB Help : Configuring and administering : Security : Authentication : Operating-system-based external authentication
  
Operating-system-based external authentication
Instead of the default in-built solidDB authentication mechanism, the user can be authenticated by services that are provided by the operating system.
When external authentication is used, the user logs in to solidDB by providing authentication credentials that match the credentials of an operating system user account on the solidDB host computer.
Authentication by using the operating system is supported on Linux, UNIX, and Windows environments. On Linux and UNIX systems, solidDB uses services that are provided by a pluggable authentication modules (PAM) API that implements the X/Open Single Sign-On (XSSO) standard. On Windows systems, external authentication is implemented by using the Security Support Provider Interface (SSPI) API.
To use external authentication, the OpenSSL libcrypto library must be installed and accessible on both the server and client computers. The OpenSSL libcrypto library enables the use of a private key/public key pair for the connect message in order to provide strong encryption for a password that is sent over a network connection.
If the solidDB server or client cannot access the OpenSSL libcrypto library, the login data for an externally-authenticated user cannot be verified.
To create an externally-authenticated user account to use for the database administrator, you must enable external authentication when you create the database. For other users, you enable external authentication by using SQL statements. The authentication of each user must be specified separately. Each externally-authenticated solidDB user must have a corresponding operating system or domain level account on the machine where solidDB is running. For more information, see Configuring externally-authenticated accounts.
Note If the user accounts are externally authenticated, the database and all backups should reside on encrypted (or otherwise protected) media. This action ensures that the database cannot be accessed if the media is stolen, even if external authentication is configured such that the login would succeed for any account.
See
Configuring external authentication on servers
Configuring external authentication on clients
Disabling external authentication
Troubleshooting external authentication
Go up to
Authentication