AnsweredAssumed Answered

How does the SignUp client AAA process work?

Question asked by Chris Richards on Sep 6, 2018

Hi All! I'm pretty new to Pharos and have yet to really jump into the weeds of how our environment is configured. I've spent most of my time scouring the white papers, knowledge base, and tech articles but have yet to find anything that really clearly outlines how the authentication, authorization, and accounting portion is handled when a patron signs into a SignUp station (based on what I've already viewed/perceived). So without further adieu...


What's the process for when a patron signs into a computer?



  - Pharos Uniprint 9.0 R2

  - SignUp Client 2.66


From what I understand, the SignUp client acts like a Graphical Identification and Authentication (GINA) segment at login; it intercepts login input and is also the connector to the Pharos principal server. When a patron enters a login ID/pin combination, the information is then processed by the principal server (by way of the SignUp innovative gateway) to determine if the information is both present and correct within the database. This is where my question stems from... What exactly is happening after the initial authentication with the principal server?


The current behavior (for us) is that the computer is domain joined via Active Directory and would use a corresponding account to login based on %COMPUTERNAME%. What is dictating to the SignUp client that it should be using %COMPUTERNAME% as the user account in the back-end? Are credentials for this particular account stored in the principal server's database or is the principal server performing a form of Kerberos ticket passing to the AD server?


This all most likely can be gleaned from the admin console with a great deal of study but is there a flowchart of this process by chance?