Password Safe Enterprise Server

Network Logon

Notice:

Please note that the client needs a license for the module "network logon" for this, even if you can carry out the configuration at the server. You can buy the module in the online shop or purchase it on account.

 

Basics

With the additional module "network logon" you can provide database configurations centrally to the clients. To do so, a profile file is created in which one or several database configurations are stored in encrypted form.

 

 

Technology and security

The profile file is doubly encrypted with AES (256 bit), using a public key and, optionally, a private key. The public array contains only information on the access rights of the file and is encrypted with the public key. The private array is decrypted only if the access rights in the public array are sufficient. The private array holds all information on the corresponding database configuration.

Even though the network logon is already securely encrypted with the public key, we generally recommend setting an additional private key. This private key, however, has to be entered by the user when the program is started. With an additional private key, the private array can only be decrypted if the user knows the password for it. The public key is known only to Password Safe and can only be opened by the software, and only with an active module "network logon".

It is also possible to assign a password that is needed to edit the profile file. As a rule, this password should also be set. This way you can, for example, protect the profile file from editing without using a private key.

 

What happens at the client?

If the client finds the profile file "psr.nlc", it opens the file automatically and checks whether the client has the access rights to use it. If so, the database configurations it contains are started at the client. If the file contains only one configuration, the client immediately logs in to the corresponding database automatically. If it contains several databases, all of them are made available at the client; a click on OK at the login is then enough to carry out the logon.

 

 

Configuration

In the menu "extras" you will find the menu item "configure network logon". It opens the window in which you create the profile file or edit existing ones.

Create new profile

Click on "add profile" -> "add database" and run the database assistant to do the configuration. You will probably only add databases of the type "Enterprise", but you can also configure standard and professional databases. For these you afterwards have to set the database password in the list via the context menu.

 

Edit profile

Click on an entry in the list and choose "edit profile" in the context menu. Alternatively, double-click the corresponding entry. If only the password of the database has changed, you can reset it via the context menu in the list.

 

 

Settings and access rights

You can set passwords and access rights via the general profile settings.

 

Password for whole profile file

This is the private key of the profile file. If you set this password, every user that is allowed to use this profile file has to enter this password at the start of Password Safe. The private array in the profile file will then be encrypted with this password. Without this password the profile file can no longer be opened.

 

Password for editing the profile file

If you set this password the profile file can only be opened for editing if the password has been entered.

 

Users

Here you can enter the computer users who are allowed to access the profile file. The Windows login name is used for the check.

 

Computer

Here you can enter the computer names which are allowed to access the profile file. The Windows computer name is used for the check.

 

IP

Here you can enter IP address ranges or single IP addresses which are allowed to access the profile file.

 

Example:

192.168.0.1

 or

192.168.0.100-192.168.0.120

 

Notice:

Please note that the user, computer and IP access restrictions are linked with AND. That means that if you enter data in one of the lists, or in all three, the user must be entered in such a way that all conditions are fulfilled. An OR link is not provided. The user, computer or IP range that is allowed to edit the profile file should also be included, otherwise the profile file can no longer be opened for editing.
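The AND rule and the two IP formats above can be checked before a profile is saved. The following is an added example, not code from Password Safe; the profile dictionary, the names in it and the function names are constructed, and it assumes that an empty list means "no restriction of this kind" and that names are compared without regard to case.

```python
import ipaddress

def parse_ip_entry(entry):
    """Turn '192.168.0.1' or '192.168.0.100-192.168.0.120' into (low, high)."""
    low, _, high = entry.partition("-")
    lo = ipaddress.IPv4Address(low.strip())
    hi = ipaddress.IPv4Address(high.strip()) if high else lo
    if hi < lo:
        raise ValueError(f"range end lies before range start: {entry!r}")
    return lo, hi

def check_access(profile, user, computer, ip):
    """Apply the user, computer and IP restrictions with AND.

    Returns (allowed, failed), where failed names every condition not met.
    """
    users = [u.lower() for u in profile.get("users", [])]
    computers = [c.lower() for c in profile.get("computers", [])]
    ranges = [parse_ip_entry(e) for e in profile.get("ips", [])]
    addr = ipaddress.IPv4Address(ip)
    failed = []
    # Assumption: an empty list imposes no restriction of that kind.
    if users and user.lower() not in users:
        failed.append("user")
    if computers and computer.lower() not in computers:
        failed.append("computer")
    if ranges and not any(lo <= addr <= hi for lo, hi in ranges):
        failed.append("ip")
    return (not failed, failed)

def editor_can_reopen(profile, editor):
    """Pre-save check: the editing identity must pass the restrictions itself."""
    allowed, _ = check_access(profile, *editor)
    return allowed

# Constructed sample profile; user and computer names are made up.
PROFILE = {
    "users": ["jsmith", "admin"],
    "computers": ["WS-ACCT-01", "WS-ADMIN"],
    "ips": ["192.168.0.1", "192.168.0.100-192.168.0.120"],
}

if __name__ == "__main__":
    print(check_access(PROFILE, "jsmith", "WS-ACCT-01", "192.168.0.110"))
    print(check_access(PROFILE, "jsmith", "WS-ACCT-01", "192.168.0.121"))
    print(editor_can_reopen(PROFILE, ("admin", "WS-ADMIN", "192.168.0.50")))
```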

 

Making available at the client

So that the client can find the profile file, you can place it in different locations. The profile file should be named "psr.nlc". The locations are searched in the order listed below.

 

1. In the environment variable of the client (PSR_NLC_FILE). Here you can define the path including the file name yourself.

2. In the registry. Here you can define the path including the file name yourself.

Key:
HKEY_CURRENT_USER\Software\MATESO\PasswordSafe\Options
Entry:
NetworkLogonFile

3. In the program path of the application. The file name has to be "psr.nlc".

4. In the personal document directory (under XP, "My Documents"). The file name has to be "psr.nlc".

5. In the AppData directory of the user, where the configuration file of Password Safe is also located. The file name has to be "psr.nlc".

Windows Vista/Windows 7:
C:\Users\Username\AppData\Roaming\PasswordSafe\psr.pc6

Windows XP:
C:\Documents and Settings\username\Application Data\PasswordSafe\psr.pc6
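To see which profile file a given client will actually use, the search order above can be walked on that machine. This is an added example, not part of Password Safe; the function names and the install directory are placeholders, and it assumes that a location without an existing file is skipped and the search continues with the next one.

```python
import os

try:
    import winreg  # standard library, available on Windows only
except ImportError:
    winreg = None

REG_KEY = r"Software\MATESO\PasswordSafe\Options"
REG_VALUE = "NetworkLogonFile"

def registry_path():
    """Read NetworkLogonFile from HKEY_CURRENT_USER, or None if it is not set."""
    if winreg is None:
        return None
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, REG_KEY) as key:
            return winreg.QueryValueEx(key, REG_VALUE)[0]
    except OSError:
        return None

def candidates(env, reg_value, program_dir, documents_dir, appdata_dir):
    """Return the five locations in the documented search order."""
    return [
        ("environment variable PSR_NLC_FILE", env.get("PSR_NLC_FILE")),
        ("registry NetworkLogonFile", reg_value),
        ("program path", os.path.join(program_dir, "psr.nlc")),
        ("personal documents", os.path.join(documents_dir, "psr.nlc")),
        ("AppData", os.path.join(appdata_dir, "psr.nlc")),
    ]

def resolve(cands, exists=os.path.isfile):
    """Return (winner, shadowed): the first existing file and later copies."""
    present = [(source, path) for source, path in cands if path and exists(path)]
    return (present[0] if present else None), present[1:]

if __name__ == "__main__":
    home = os.path.expanduser("~")
    cands = candidates(
        os.environ,
        registry_path(),
        r"C:\Program Files\PasswordSafe",  # placeholder: use the real install path
        os.path.join(home, "Documents"),
        os.path.join(os.environ.get("APPDATA", home), "PasswordSafe"),
    )
    winner, shadowed = resolve(cands)
    print("used:    ", winner)
    for entry in shadowed:
        print("shadowed:", entry)
```

A copy reported as shadowed is never read, so an outdated file earlier in the order explains a client that keeps using an old configuration after the central file was updated.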

 

 

Notice:

If one of the following items changes, the network logon file has to be configured again or updated:

- Database name

- IP address of the server

- Port of the server

- Server password