Security plug-ins
Security plug-ins expand and customize the ways in which Crystal Enterprise authenticates users. Crystal Enterprise currently ships with the system default Crystal Enterprise security plug-in and with the Windows NT and LDAP security plug-ins. Each security plug-in offers several key benefits.
Security plug-ins facilitate account creation and management by allowing you to map user accounts and groups from third-party systems into Crystal Enterprise. You can map third-party user accounts or groups to existing Crystal Enterprise user accounts or groups, or you can create new Enterprise user accounts or groups that corresponds to each mapped entry in the external system.
The security plug-ins dynamically maintain third-party user and group listings. So, once you map a Windows NT or LDAP group into Crystal Enterprise, all users who belong to that group can log on to Crystal Enterprise. When you make subsequent changes to the third-party group membership, you need not update or refresh the listing in Crystal Enterprise. For instance, if you map a Windows NT group to Crystal Enterprise, and then you add a new NT user to the NT group, the security plug-in dynamically creates an alias for that new user when he or she first logs on to Crystal Enterprise with valid NT credentials.
Moreover, security plug-ins enable you to assign rights to users and groups in a consistent manner, because the mapped users and groups are treated as if they were Enterprise accounts. For example, you might map some user accounts or groups from Windows NT, and some from an LDAP directory server. Then, when you need to assign rights or create new, custom groups within Crystal Enterprise, you make all of your settings in the CMC.
Each security plug-in acts as an authentication provider that verifies user credentials against the appropriate user database. When users log on to Crystal Enterprise, they choose from the available authentication types that you have enabled and set up in the Authorization management area of the CMC: Enterprise (the system default), Windows NT, or LDAP.
Note: The Windows NT security plug-in cannot authenticate users if the Crystal Enterprise server components are running on UNIX.
Crystal Enterprise supports the following security plug-ins: