Implicit Login¶
The Smartcrypt SDK supports implicit login, a form of login in which managed users are logged in not by providing a username and password, but by the system user who owns the process using the SDK.
Advantages of Implicit Login¶
Several features make implicit login the recommended authentication mechanism.
For back-office applications, implicit login provides the convenience of not needing to hard code, manually enter or place the credentials into a configuration file. This improves security and makes it easier to deploy applications.
For end-user applications, companies typically want the end user to login with domain credentials when running the applications. In this case, implicit login affords the ability to skip a login prompt, enabling a seamless user experience. This is particularly desirable when modifying existing business applications to incorporate Smartcrypt data protection.
How it works¶
On Windows, Integrated Windows Authentication is used. The identity of the Active Directory Domain User who launches the process using the Smartcrypt SDK is used.
On MacOS and Linux, the Kerberos system is used to identify and authenticate the user.
Domain-joined MacOS installations are automatically configured. On Linux, the
kinit program is
used. When properly configured, Linux machines will automatically run kinit
when users perform
a password-based login.
The identity of the Active Directory Domain User who launches the process using the Smartcrypt SDK is used. Setting the KRB5_CONFIG environment variable to the path to a custom krb5.conf file allows you to configure the underlying Kerberos setup.