I have been given the requirement to disable the Back-end Table Security Provider, and only allow Active Directory users.
Will this “break” Rhythmyx? Are there any “system” users that are required from this table? (Such as rxpublisher.) If so can they be replaced by an Active Directory user?
I don’t know that disabling it would be a good idea, but there are reports that you may be able change the password.
Changing the password is not the problem. The problem is the manner in which it is stored by the Back-end Table “Security” Provider.
I need to either figure out how to replace it, or tell my company why it can’t be.
You should be able to turn off the backend security provider, and just use LDAP or Active Directory.
In systems prior to version 6.6, you need a user with which to run the publisher. (By default, this user is named “rxpublisher”, but that name can be changed in the configuration).
All internal processes (which run as “rxserver”) don’t use the security providers anyway, so changing security provider configuration has no effect on them.
It is also possible to encrypt the passwords stored in the backend table. I believe we provide a “password filter” implementation that will decrypt the password from the table.
The backend table security provider was intended to be something used for demos and to “get started quickly” without requiring a lot of setup.
So it could be as simple as creating an Active Directory account named “rxpublisher”? (Just to keep the name meaningful and have less configuration changes.)
Understood. Hence, no need for it to be truly secure.
It is also possible to encrypt the passwords stored in the backend table. I believe we provide a “password filter” implementation that will decrypt the password from the table.[/QUOTE]
As a follow up to this particular issue.
We are looking to implement a backend table security provider which will access a database table containing one way hashed passwords. Does anyone know how we can implement this “password filter” so that Rhythmyx can use the hashing algorithm to authenticate user logins?