docs/geode-native-docs/security/authentication-levels.html.md.erb - geode-native - Git at Google

 ---
 title:  Process and Multiuser Authentication
 ---

 <!--
 Licensed to the Apache Software Foundation (ASF) under one or more
 contributor license agreements.  See the NOTICE file distributed with
 this work for additional information regarding copyright ownership.
 The ASF licenses this file to You under the Apache License, Version 2.0
 (the "License"); you may not use this file except in compliance with
 the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 -->

 Client connections can be authenticated at two levels, process and multiuser.

 -   **Process**. Each pool creates a configured minimum number of connections across the server group. The pool accesses the least-loaded server for each cache operation.

     Process-level connections represent the overall client process and are the standard way a client accesses the server cache.

 -   **Multi-user**. Each user/pool pair creates a connection to one server and then sticks with it for operations. If the server is unable to respond to a request, the pool selects a new one for the user.

     Typically, application servers or web servers that act as clients to <%=vars.product_name%> servers make multi-user connections. Multi-user allows a single application or web server process to service a large number of users with varied access permissions.

 By default, server pools use process-level authentication. Enable multi-user authentication by setting a pool's `multi-user-secure-mode-enabled` attribute to `true`.

 <img src="../common/images/security-client-connections.gif" id="security__image_85B98E185AD84C59AC22974A63080559" class="image" />

 Credentials can be sent in encrypted form using the Diffie-Hellman key exchange algorithm. See [Encrypt Credentials with Diffe-Hellman](overviewencryptcred.html#security) for more information.
	---
	title: Process and Multiuser Authentication
	---

	<!--
	Licensed to the Apache Software Foundation (ASF) under one or more
	contributor license agreements. See the NOTICE file distributed with
	this work for additional information regarding copyright ownership.
	The ASF licenses this file to You under the Apache License, Version 2.0
	(the "License"); you may not use this file except in compliance with
	the License. You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
	-->

	Client connections can be authenticated at two levels, process and multiuser.

	- Process. Each pool creates a configured minimum number of connections across the server group. The pool accesses the least-loaded server for each cache operation.

	Process-level connections represent the overall client process and are the standard way a client accesses the server cache.

	- Multi-user. Each user/pool pair creates a connection to one server and then sticks with it for operations. If the server is unable to respond to a request, the pool selects a new one for the user.

	Typically, application servers or web servers that act as clients to <%=vars.product_name%> servers make multi-user connections. Multi-user allows a single application or web server process to service a large number of users with varied access permissions.

	By default, server pools use process-level authentication. Enable multi-user authentication by setting a pool's `multi-user-secure-mode-enabled` attribute to `true`.

	<img src="../common/images/security-client-connections.gif" id="security__image_85B98E185AD84C59AC22974A63080559" class="image" />

	Credentials can be sent in encrypted form using the Diffie-Hellman key exchange algorithm. See [Encrypt Credentials with Diffe-Hellman](overviewencryptcred.html#security) for more information.