| --- |
| title: Process and Multiuser Authentication |
| --- |
| |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| |
| Client connections can be authenticated at two levels, process and multiuser. |
| |
| - **Process**. Each pool creates a configured minimum number of connections across the server group. The pool accesses the least-loaded server for each cache operation. |
| |
| Process-level connections represent the overall client process and are the standard way a client accesses the server cache. |
| |
| - **Multi-user**. Each user/pool pair creates a connection to one server and then sticks with it for operations. If the server is unable to respond to a request, the pool selects a new one for the user. |
| |
| Typically, application servers or web servers that act as clients to <%=vars.product_name%> servers make multi-user connections. Multi-user allows a single application or web server process to service a large number of users with varied access permissions. |
| |
| By default, server pools use process-level authentication. Enable multi-user authentication by setting a pool's `multi-user-secure-mode-enabled` attribute to `true`. |
| |
| <img src="../common/images/security-client-connections.gif" id="security__image_85B98E185AD84C59AC22974A63080559" class="image" /> |
| |
| Credentials can be sent in encrypted form using the Diffie-Hellman key exchange algorithm. See [Encrypt Credentials with Diffe-Hellman](overviewencryptcred.html#security) for more information. |
| |
| |