Authenticating client connection

Implementing strong security programs provides Connect:Direct® for Microsoft Windows users an assurance that file transfer is closely guarded. Connect:Direct for Microsoft Windows uses several approaches to manage client API connections.

IBM® Connect:Direct server uses the following client authentication methods to establish the identity of the requesting client and determines whether that client is authorized to connect to the Connect:Direct server using the supplied credentials:
  • Username/password-based authentication
  • Digital security certificate-based authentication
  • Trusted Local Host Authentication (user name only)

However, passwords configured for the Windows System and digital certificates are set to expire at some interval and must be changed. Any time the password is changed on the Windows server, it must also be changed in the client configuration resulting in tedious password management routine in a large deployment.

To ease password management routines for local-host client connections, Connect:Direct for Microsoft Windows extends the client API authentication process to allow no-password access for local connections.

IBM recommends using password-based authentication or certificate-based authentication method to authenticate client connections. Connect:Direct for Microsoft Windows users should be aware of the following implication of using Trusted Local Host Authentication.
  • Trusted Local Host Authentication allows any program running on the same host as Connect:Direct to submit API commands to Connect:Direct without specifying a password.
  • In some cases, for example when Connect:Direct is running on a multi-user system, Trusted Local Host Authentication may not provide adequate security. Enable Trusted Local Host Authentication when the Admin is certain that doing so does not create a security risk.