Password Safe and Repository

Configure network logon


 

Notice:

Please note that the client needs a license for the "Network Logon" module for this, even if you want to carry out the configuration at the server. You can buy the module in the online shop or order it on account.

 

Basics

With the additional module "Network Logon" you can provide a database configuration to the clients centrally. For this purpose a profile file is created in which one or several database configurations are stored in encrypted form.

 

Technology and security

The profile file is encrypted twice with AES (256 bit), using a public key and, optionally, a private key (both are keys for AES, a symmetric cipher; the terms do not denote an asymmetric key pair). The public area only contains information on the access rights of the file and is encrypted with the public key. The private area is only decrypted if the access rights in the public area are sufficient. The private area holds all information on the individual database configurations.

 

Even though the Network Logon file is already securely encrypted with the public key, we generally recommend setting an additional private key. The user has to enter this private key when the program starts. With the additional private key, the private area can only be decrypted if the user knows the password for it. Only Password Safe knows the public key, and the file can only be opened by the software with an active "Network Logon" module.

 

You can also assign a password that is required to edit the profile file. This password should generally be set. It lets you protect the profile file against editing without using a private key.

 

What happens at the client?

If the client finds the profile file "psr.nlc", it opens the file automatically and checks whether the client has the access rights to use it. If so, the database configuration it contains is started at the client. If the file contains only one configuration, an automatic login to the corresponding database takes place immediately. If it contains several databases, all of them are offered at the client. A click on OK is enough to start the login.

 

Configuration

In the "extras" menu you will find the menu item "configure network logon". It opens the window in which you create a profile file or edit existing ones.

 

Create new profile

Click on "add profile" -> "add database" and run the database assistant to add the configuration. Generally you will only add databases of the type "Enterprise", but you can also configure Standard and Professional databases. For these you have to set the database password afterwards in the list via the context menu.

 

Edit profile

Click on an entry in the list and then choose "edit profile" in the context menu. Alternatively, double-click the corresponding entry. If only the password of the database has changed, you can reset it directly in the list via the context menu.

 

Settings and access rights

You can set passwords and access rights via the profile settings.

 

Password for whole profile file

This is the private key (Private-Key) of the profile file. If you set this password, every user who is allowed to use this profile file has to enter it when Password Safe starts. The private area in the profile file is then encrypted with this password. Without this password the profile file can no longer be opened.

 

Password for editing the profile file

If you set this password the profile file can only be opened for editing if the password has been entered.

 

User

Here you can enter the computer users who may access the profile file. The check uses the Windows login name.

 

Computer

Here you can enter the computer names that may access the profile file. The check uses the Windows computer name.

 

IP

Here you can enter IP address ranges or single IP addresses that may access the profile file.

 

Example:

192.168.0.1

 or

192.168.0.100-192.168.0.120

 

Notice:

Please note that the user, computer and IP access restrictions are linked with AND. This means that if you enter data in one of the fields, or in all three, the user must be entered in such a way that all conditions are fulfilled. An OR link is not provided. The user, computer or IP address that is allowed to edit the profile file should also be included, otherwise the profile file can no longer be opened for editing.
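
The AND rule from this notice, modelled as an added PowerShell example (not Password Safe's own code) so that a set of restrictions can be checked before the profile is saved. It assumes that an empty field imposes no restriction and that names are compared case-insensitively; the function names and sample values are made up for illustration.

```powershell
# Added example: models the documented rule "User AND Computer AND IP".
# Assumptions: an empty field imposes no restriction; names compare
# case-insensitively. All function names and sample values are hypothetical.
function ConvertTo-IPv4Number {
    param([string] $Address)
    $ip = [System.Net.IPAddress]::Parse($Address.Trim())
    if ($ip.AddressFamily -ne 'InterNetwork') { throw "Not an IPv4 address: $Address" }
    $b = $ip.GetAddressBytes()
    return ([long]$b[0] * 16777216) + ([long]$b[1] * 65536) + ([long]$b[2] * 256) + [long]$b[3]
}

function Test-IPRule {
    param([string] $Rule, [string] $ClientIP)
    # A rule is a single address or "first-last", as in the example on this page.
    $parts = $Rule -split '-'
    if ($parts.Count -gt 2) { throw "Malformed IP rule: $Rule" }
    $first = ConvertTo-IPv4Number $parts[0]
    $last  = ConvertTo-IPv4Number $parts[-1]
    if ($first -gt $last) { throw "Range start is above range end: $Rule" }
    $ip = ConvertTo-IPv4Number $ClientIP
    return ($ip -ge $first) -and ($ip -le $last)
}

function Test-ProfileAccess {
    param(
        [string[]] $Users = @(), [string[]] $Computers = @(), [string[]] $IPRules = @(),
        [string] $User, [string] $Computer, [string] $ClientIP
    )
    # Each non-empty field must match; a miss in any one of them denies access.
    $userOk     = ($Users.Count -eq 0)     -or ($Users -contains $User)
    $computerOk = ($Computers.Count -eq 0) -or ($Computers -contains $Computer)
    $ipOk       = ($IPRules.Count -eq 0)   -or
                  [bool]($IPRules | Where-Object { Test-IPRule $_ $ClientIP })
    return $userOk -and $computerOk -and $ipOk
}

# Constructed sample restrictions: two users, no computer filter, two IP rules.
$restrictions = @{
    Users   = @('alice', 'bob')
    IPRules = @('192.168.0.1', '192.168.0.100-192.168.0.120')
}
# Listed user, address inside the range.
Test-ProfileAccess @restrictions -User 'alice' -Computer 'WS-017' -ClientIP '192.168.0.110'
# Same user, address outside both rules.
Test-ProfileAccess @restrictions -User 'alice' -Computer 'WS-017' -ClientIP '192.168.0.50'
# Administrator account that was not added to the user list.
Test-ProfileAccess @restrictions -User 'admin' -Computer 'WS-001' -ClientIP '192.168.0.1'
```

Running the check for the account and workstation that will edit the profile shows whether they are still covered by the restrictions.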

 

Providing at the client

So that the client can find the profile file, you can store it in different places. The profile file should be named "psr.nlc". The locations are searched in the following order.

 

1. In the environment variable of the client (PSR_NLC_FILE). Here you can define the path, including the file name, yourself.

2. In the registry. Here you can define the path, including the file name, yourself.

Key:
HKEY_CURRENT_USER\Software\MATESO\PasswordSafe\Options
Value:
NetworkLogonFile

3. In the configuration file of the client (psr.pc7) under <Common> <NetworkLogonFile>. Here you can define the path, including the file name, yourself.

4. In the program path of the application. The file name has to be "psr.nlc".

5. In the personal documents directory (under XP: "My Documents"). The file name has to be "psr.nlc".

6. In the AppData directory of the user, where the configuration file of Password Safe is also located. The file name has to be "psr.nlc".

Windows Vista/Windows 7:
C:\Users\user name\AppData\Roaming\PasswordSafe\psr.pc7

Windows XP:
C:\documents and settings\user name\application data\PasswordSafe\psr.pc7
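
To confirm which profile file a given client will open, the search order above can be walked with a short script. This is an added example, not part of Password Safe; it assumes that psr.pc7 can be parsed as XML, that a location whose file does not exist is skipped, and that the install directory passed as `-ProgramPath` (the default is a placeholder) is correct.

```powershell
# Added example, not vendor code: lists the documented lookup locations in order.
# Assumptions: psr.pc7 parses as XML, and a location whose file is missing is skipped.
function Get-NetworkLogonCandidate {
    param(
        # Install directory of the client; this default is a placeholder.
        [string] $ProgramPath = 'C:\Program Files\PasswordSafe'
    )
    $appData = Join-Path $env:APPDATA 'PasswordSafe'
    $pc7     = Join-Path $appData 'psr.pc7'

    # Location 2: registry value under HKEY_CURRENT_USER.
    $regPath = $null
    $reg = Get-ItemProperty -Path 'HKCU:\Software\MATESO\PasswordSafe\Options' -Name 'NetworkLogonFile' -ErrorAction SilentlyContinue
    if ($reg) { $regPath = $reg.NetworkLogonFile }

    # Location 3: <Common><NetworkLogonFile> in the client configuration file.
    $pc7Path = $null
    if (Test-Path -LiteralPath $pc7 -PathType Leaf) {
        try {
            $xml  = [xml](Get-Content -LiteralPath $pc7 -Raw -ErrorAction Stop)
            $node = $xml.SelectSingleNode('//Common/NetworkLogonFile')
            if ($node) { $pc7Path = $node.InnerText.Trim() }
        } catch {
            Write-Warning "Could not read $pc7 as XML: $($_.Exception.Message)"
        }
    }

    $order = @(
        @{ Source = 'Environment variable PSR_NLC_FILE';  Path = $env:PSR_NLC_FILE },
        @{ Source = 'Registry value NetworkLogonFile';    Path = $regPath },
        @{ Source = 'psr.pc7 <Common><NetworkLogonFile>'; Path = $pc7Path },
        @{ Source = 'Program path';       Path = (Join-Path $ProgramPath 'psr.nlc') },
        @{ Source = 'Personal documents'; Path = (Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'psr.nlc') },
        @{ Source = 'AppData directory';  Path = (Join-Path $appData 'psr.nlc') }
    )
    $step = 0
    foreach ($entry in $order) {
        $step++
        $exists = (-not [string]::IsNullOrWhiteSpace($entry.Path)) -and
                  (Test-Path -LiteralPath $entry.Path -PathType Leaf)
        [pscustomobject]@{ Step = $step; Source = $entry.Source; Path = $entry.Path; Exists = $exists }
    }
}

$candidates = @(Get-NetworkLogonCandidate)
$candidates | Format-Table -AutoSize | Out-String | Write-Host
# The first existing candidate is the file the client is expected to open.
$effective = $candidates | Where-Object { $_.Exists } | Select-Object -First 1
if ($effective) { "Effective profile file: $($effective.Path)" } else { 'No profile file found.' }
```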

 

 

 

Notice:

After an upgrade to a later version (e.g. from version  to Version 7), the network logon has to be configured again.

 

If one of the following points changes, the network logon file has to be configured again, or updated:

- Database name

- IP address of the server

- Port of the server

- Client server initial connection password