[CORE-34] Allow individual users to authenticate via database when the hive params indicate NTLM authentication Created: 15/Dec/10  Updated: 05/Jun/14  Resolved: 28/May/14

Status: Closed
Project: i2b2 Core Software
Component/s: PM Cell
Affects Version/s: 1.6.00-RC1
Fix Version/s: 1.6.00

Type: Improvement Priority: Trivial
Reporter: Walter Knesel Assignee: Mike Mendis
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment: those using windows and NTLM.

Participant/s:

 Description   
Hi,
 A minor change in the PM class ServicesHandler in the method validateSuppliedPassword(...) would allow administrators to set up PM to generally validate users with NTLM (via pm_hive_params settings) and a few users to validate with database password (via pm_user_params).
The few users would likely be any special i2b2 accounts that sites don't want to have to put into their LDAP/AD systems (like the obfuscated service account). This could benefit sites that have larger user bases.

This would reduce the amount of configuration some sites need to perform. This would make i2b2's authentication system symmetrical and not care whether the admin wants to default to database or NTLM and have a few users do the opposite.

The change in validateSuppliedPassword(...) would be in the NLTLM branch to see if the user has pm_user_params and if so, to use them to authenticate rather than assuming NTLM as that branch currently does.

This suggestion comes out of the "Active Directory and i2b2 1.5" thread in the members.i2b2aug.org mailing list.
 
Thanks for listening.

 Comments   
Comment by Janice Donahoe [ 28/May/14 ]
Can set by specifying that user with the param of authentication_type=password
Generated at Sat Mar 15 01:53:41 UTC 2025 using Jira 8.20.11#820011-sha1:0629dd8d260e3954ece49053e565d01dabe11609.