The automating of file transfer functions requires that authentication is done without user interaction. For non-interactive but secure authentication we have the following possibilities:
- X.509 certificates
Tectia MFT Events supports X.509v3 certificates for advanced security and scalability in large and dynamic network environments. Comprehensive support for IETF PKIX and PKCS standards ensures seamless interoperability with third-party PKI products.
- Public keys with null passphrase
Public-key authentication (without certificates) provides an easy-to-deploy and secure means of authenticating the users without the need to deploy and maintain a full public-key infrastructure (PKI). The keys can be stored with empty passphrases, so they do not require user attendance after creation.
Tectia MFT Events provides a Public-key Authentication Wizard that helps the user to create key pairs and to upload the public keys to remote servers.
- Windows domain authentication
Tectia MFT Events can be integrated with Windows domain authentication by using Kerberos/GSSAPI for fully transparent user authentication. Once the users are logged on to the domain, there is no need for additional interaction for Secure Shell user authentication.
Tectia MFT Events supports secure password-based authentication. Unlike in plain-text protocols such as Telnet and FTP, passwords are never sent in plain-text format over the network, thus eliminating the risk of password exposure to unauthorized parties. Passwords can be stored into files per profile or defined in the connection profile settings.
- Host-based authentication on Unix
Host-based authentication is a form of delegated-trust authentication, where the Secure Shell server trusts the Secure Shell client host to authenticate the user. The user is verified by a
suidbinary (ssh-signer) on the client host which then confirms the user identity to the server in a communication signed with a root-owned host key. The client host is authenticated strongly with public key cryptography, thus the authentication does not rely solely on a host IP address or domain name. The Secure Shell host-based authentication utilizes strong cryptography for host identity verification.
- LDAP integration
Tectia MFT Events can utilize standards-based third-party LDAP directories as centralized user repositories. The keyboard-interactive method and third-party PAM modules for LDAP can be used for integrating Tectia Server on Unix with LDAP directories.
- GSSAPI authentication (Kerberos)
Kerberos/GSSAPI authentication enables transparent, single-sign-on-like authentication of Tectia MFT Events users. Once the user has logged on to the network and received the logon credentials, there is no need to type in the authentication credentials again through the Tectia MFT Events Management Console when accessing Secure Shell servers. Specifically, Kerberos/GSSAPI authentication enables the use of Windows domain authentication and Active Directory accounts with Tectia (SSPI in Windows).