Authentication methods
Authentication is the process of validating the identity of a user or client. Typically, clients present a username and password pair as a credential to identify themselves for authentication.
The Credentials Manager allows you to define authentication methods as individual credentials. You can apply each credential to any monitor, alert, or feature that requires special permission to access restricted network resources.
The following table lists the usage restrictions you can choose from when you add a new credential using Credential Manager.
| Method | Description |
|---|---|
| May only be authorized for use by the owner | The default user authorization. Only the Administrator account that created the credential may assign it to a monitor, alert, or server / workstation control feature. |
| May be authorized for use by any account | Any ipMonitor account with access to the administrator web interface can assign the credential to a monitor, alert, or server / workstation control feature. |
| Always allowed when over SSL |
Allows ipMonitor to perform authentication if SSL encryption is used. When enabled, the Credential is authorized to use any authentication method. This may include authentication methods that are not specifically selected in the Add Credential window under Usage Restrictions. For example, an HTML / ASP Monitor connects to a secure web site that challenges with Basic Authentication after the SSL connection was established. When this option is enabled, the Credential is authorized to use any authentication method. This may include authentication methods that are not specifically selected in the Add Credential window under Usage Restrictions. |
| May be used with Digest authentication schemes |
Uses Digest Authentication for monitors, alerts, and features. Monitor types include: Digest authentication is a challenge/response mechanism based on the principle of a shared secret known to both the client and server. When challenged, ipMonitor acts as the client and creates a hash digest containing its secret key and password, which it sends to the server. If the server's independently created digest matches the key and password, the server authenticates the client. Although Digest Authentication does not send passwords in clear text, unless SSL is used Digest Authentication is only a moderate improvement over Basic Authentication, as there is nothing to prevent recording of communications between the client and server. |
| May be used with NTLM Schemes (Windows NT LAN Manager) | Uses Windows NT LAN Manager (NTLM) Authentication for monitors, alerts, and features. Monitor types include: |
| May be used with Windows Impersonation for use with RPC |
Uses Remote Procedure Call (RPC) Impersonation for monitors, alerts and features such as:
RPC is a programming interface that allows one program to use the services of another program on a remote machine. The Usage Restriction option allows the ipMonitor Service to impersonate the security context of a separate Account before carrying out the RPC call. |
| May be used with Windows Impersonation to start an external process |
Allows the ipMonitor Service to impersonate the security context of a separate account for monitors, alerts, and features (such as External Process monitors and External Process alerts) before launching an external application or script. |
| May be used with ADO in Standard (SQL) Authentication |
Uses the ADO user restriction for the following monitors: ActiveX Data Objects (ADO) is a programming interface from Microsoft® that provides a standardized interface to many different databases and data sources. OLE DB Providers written by Microsoft and other vendors are used to connect to different types of data sources through one standardized interface. |
| May be used to encrypt data | Allows ipMonitor to encrypt and export the credentials database when used to archive configuration data within the Internal Maintenance feature. |
| May be transmitted in clear text |
Allow ipMonitor to authenticate in clear text for monitors, alerts and features such as:
Using Basic Authentication, the username and password information is sent over the network encoded using Base64 encoding. Unless used over SSL, Basic Authentication is inherently insecure because Base64 can be easily decoded. Basic Authentication essentially sends the username and password as plain text. |