Before any applications or policies can be accessed by the user, the user must log in to the network (that is, log in to Novell eDirectory™) to verify login rights and to establish a connection to the network servers where the user needs to be authenticated.
If you have installed the Novell Client™, the Desktop Management Agent, and the Middle Tier Server, there are three login scenarios:
When the Novell Client is used to authenticate, all communication to eDirectory and the server file system uses the traditional Novell NCP™ protocol. The client launches as the default login GINA (Graphical Identification and Authentication) user interface. For more information about authenticating with the Novell Client, see "Using the Novell Client for Authentication" in the Novell ZENworks 6.5 Desktop Management Installation Guide.
The process of authentication to eDirectory using the 32-bit client in this scenario is illustrated in the following diagram:
However, if these same workstations are taken outside of the firewall, the client will continue to launch as the default login GINA. Users will be able to log in locally to their own Windows desktops, but they will not be able to authenticate to eDirectory through the ZENworks Middle Tier Server.
If users who have both the agent and the client installed on their machines want to authenticate and receive applications outside the firewall, they can still do so by using an alternative login method, but their workstations will be able to receive only application files, not Desktop Management policies. For this reason, you should consider removing the client and installing only the agent on workstations that are to be used mainly outside the firewall.
For more information about the alternative login method used when the client and agent are installed together on a workstation outside the firewall, see "Logging in Locally to the Workstation."
If you install the Desktop Management Agent and you want your users to log in to the network through the agent, you need to understand how the Desktop Management Agent authenticates to the network. For more information about setting up the Desktop Management Agent for authentication, see "Using the Desktop Management Agent and the ZENworks Middle Tier Server for Authentication" in the Novell ZENworks 6.5 Desktop Management Installation Guide.
The diagram below shows the process occurring when a user authenticates to eDirectory using the Desktop Management Agent outside the firewall. The process is similar when the user is inside the firewall.
When eDirectory authenticates users, they are authenticated to any server in the tree where the system administrator has granted them rights.
The ZENworks Middle Tier Server uses LDAP/NDAP to authenticate to eDirectory because of the search capabilities of these protocols. If you select Clear Text Passwords during the installation of the ZENworks Middle Tier Server, the authentication request can use just the User ID (without its context) to search the entire tree for the authenticating user. Without a clear text password, the user must either log in using his or her fully distinguished name or you must restrict that user to an Authentication Domain, which is a particular context in the directory.
For more information about authentication and the role of the ZENworks Middle Tier Server in ZENworks file access, see "What Is the Desktop Management Server?"
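The three ways of naming the authenticating user described above (bare user ID with a tree-wide search, fully distinguished name, and bare user ID completed by an Authentication Domain) are modeled below as an added example; it is not ZENworks code. The dotted names, the tree contents, the function names, treating the Authentication Domain as one exact context, and refusing a user ID that matches more than one object are all assumptions made for illustration.

```python
# Added illustration; names and tree contents are constructed, not from the product.
TREE = ["jsmith.sales.acme", "jsmith.eng.acme", "mlee.eng.acme"]


class LoginError(Exception):
    """Raised when a login name cannot be mapped to exactly one user object."""


def resolve_login(name, clear_text_passwords=False, auth_domain=None, tree=TREE):
    """Map what the user typed to the one fully distinguished name to authenticate as."""
    name = name.strip().lstrip(".").lower()
    if not name:
        raise LoginError("empty login name")
    if "." in name:
        # Fully distinguished name: no search needed, it must exist as typed.
        matches = [dn for dn in tree if dn == name]
    elif auth_domain:
        # Authentication Domain: the bare ID is completed with one fixed context.
        matches = [dn for dn in tree if dn == f"{name}.{auth_domain.lower()}"]
    elif clear_text_passwords:
        # Contextless login: search the entire tree for the user ID.
        matches = [dn for dn in tree if dn.split(".", 1)[0] == name]
    else:
        raise LoginError("bare user ID needs a full name or an Authentication Domain")
    if len(matches) != 1:
        # Assumption: refuse ambiguous or unknown names rather than pick one.
        raise LoginError(f"{name!r} matched {len(matches)} objects")
    return matches[0]


def try_login(name, **settings):
    """Return the resolved name, or the refusal reason as a string."""
    try:
        return resolve_login(name, **settings)
    except LoginError as err:
        return f"refused: {err}"


if __name__ == "__main__":
    for name, settings in [
        ("jsmith.eng.acme", {}),
        ("mlee", {"clear_text_passwords": True}),
        ("jsmith", {"clear_text_passwords": True}),
        ("jsmith", {"auth_domain": "sales.acme"}),
        ("mlee", {}),
    ]:
        print(f"{name!r} {settings} -> {try_login(name, **settings)}")
```

The third case shows why a tree-wide search needs unique user IDs: the same ID in two contexts cannot be resolved without a context or an Authentication Domain.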
If users bypass the Desktop Management Agent login by logging in to the local workstation only, they still need to authenticate to eDirectory to access their applications.
If the Application Explorer icon is displayed on the user's desktop or system tray, the user has the option (by right-clicking the icon) to log in to the ZENworks Middle Tier Server. If the user chooses to log in, the Novell Security Services login GINA is displayed.
When the user enters his or her user ID and password at the Security Services login GINA, these credentials are given to the ZENworks Middle Tier Server, which passes them to eDirectory for authentication. This login GINA uses the same authentication process used by the Desktop Management Agent login GINA. For more information, see "Logging in Using the Desktop Management Agent."