| Title: 4.1. Authentication |
| NavPrev: 4-authentication-and-authorization.html |
| NavPrevText: 4 - Authentication & Authorization |
| NavUp: 4-authentication-and-authorization.html |
| NavUpText: 4 - Authentication & Authorization |
| NavNext: 4.1.1-simple-authn.html |
| NavNextText: 4.1.1 - Simple authentication |
| Notice: Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| . |
| http://www.apache.org/licenses/LICENSE-2.0 |
| . |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| |
| # 4.1. Authentication |
| |
| ## Chapter content |
| |
| * [4.1.1 - Simple authentication](4.1.1-simple-authn.html) |
| * [4.1.1.1 - Anonymous Authentication](4.1.1.1-anonymous-authn.html) |
| * [4.1.1.2 - Name/Password Authentication](4.1.1.2-name-password-authn.html) |
| * [4.1.1.3 - Unauthenticated Authentication](4.1.1.3-unauthenticated-authn.html) |
| * [4.1.2 - SASL authentication](4.1.2-sasl-authn.html) |
| * [4.1.2.1 - SASL PLAIN text Authentication](4.1.2.1-sasl-plain-text-authn.html) |
| * [4.1.2.2 - SASL CRAM-MD5 Authentication](4.1.2.2-sasl-cram-md5-authn.html) |
| * [4.1.2.3 - SASL DIGEST-MD5 Authentication](4.1.2.3-sasl-digest-md5-authn.html) |
| * [4.1.2.4 - SASL GSSAPI Authentication](4.1.2.4-sasl-gssapi-authn.html) |
| * [4.1.2.5 - SASL EXTERNAL Authentication](4.1.2.5-sasl-external-authn.html) |
| * [4.1.2.6 - SASL NTLM Authentication](4.1.2.6-sasl-ntlm-authn.html) |
| * [4.1.3 - Kerberos authentication](4.1.3-kerberos-authn.html) |
| * [4.1.4 - Client authentication through certificates](4.1.4-certificate-authn.html) |
| |
| **LDAP** is a connected protocol. That means you should create a session before being able to fetch some data from the server. This session is created through an authentication process. |
| |
| There are two different types of authentication on LDAP : |
| * Simple |
| * SASL |
| |
| We will describe those two kind of authentication, and will also describe how this can be leveraged by some specific authentication mechanisms, like Kerberos or based on certificates. |
| |
| Last, not least, the **Anonymous** authentication will be explain in a separate chapter, even if it's a part of the Simple authentication mechanism. |
| |
| ## Authentication and LDAP Session |
| |
| An authentication will result in the creation of a LDAP session, which will exist as long as the authenticated user does not physically disconnect from the server. |
| |
| A Session can have his status changed all alog its life : we can switch from an Authenticated state to an Anonymous state, and back to a SASL authenticated state. The session is created the first time the user connects on the server, and its status changes when the user authenticates. |
| |