Integrated Windows authentication
Integrated Windows authentication allows users to connect to a FH Web Edition server and start a session without having to sign in to the host and re-enter their user name and password. When Integrated Windows authentication is the only option enabled, the user’s user name and password are never transmitted over the network. Instead, FH Web Edition runs the user’s session in the same security context as the FH Web Edition client. Users are added to the host's NETWORK group instead of its INTERACTIVE group. As a result, they may be denied access to some resources.
When users connect to a FH Web Edition server using Integrated Windows authentication, they are able to access most of the same resources on the host that they would be able to access if they signed in to the host interactively. However, depending on the authentication protocols supported by the client’s and host's operating systems and the network, when users access resources that reside on other computers on the network, they might be required to re-enter their user name and password. If network resources are unable to request a user name and password, access might be denied.
To access other computers on the network, Active Directory must be configured to allow authentication credentials to be passed to other computers. Microsoft refers to the right to pass authentication credentials to a third or more computers as “delegation.” Delegation is supported by Windows 2000 or later on Active Directory networks with the proper settings. Instructions on properly configuring an Active Directory Domain Controller is available in your Microsoft Windows operating system documentation .
Windows NT domains do not support delegation. When Integrated Windows authentication is enabled in this environment, users might not have access to resources that reside on other computers on the network. To avoid these resource access limitations, Configuration requirements for delegation support.
Note: The cache passwords on the host option, described in the following section, can be enabled to obtain an INTERACTIVE group logon with Integrated Windows authentication.
Caution: Integrated Windows authentication is only available to users who sign in from Windows computers that are members of the same domain as the FH Web Edition server.