Authentication Methods

HSI supports several different methods by which a user can authenticate his or her self.

The methods that are enabled at a site are defined by the HPSS administrator when the HSI package is compiled. 


The -A command line option can be used to specify the authentication mechanism to be used, for example:

        hsi -A kerberos ....


The following authentication methods are available:


  • combo (previously known as "dce") :  For this method, a user name and password combination are specified.  For backward compatibility, the mechanism can still be specified as "dce", however, this is deprecated and will be removed in a future release.
  • keytab: For this method, a kerberos keytab file or a unix keytab file is read by the HSI library and passed to the HSI Gateway Server over the link after first encrypting the contents.  On the server side, the file is decrypted and verified.
  • kerberos: This mechanism uses the MIT Kerberos libraries to verify the user's existing credentials.  A kerberos keytab file can also be specified for kerberos authentication. If so, the "kinit" program is first used to obtain the user credentials, and then authentication proceeds normally.
  • ident: This mechanism uses the trusted server protocol to obtain the user's identity. 
  • gsi: This mechanism uses the Globus GSI protocols to obtain the user's identity.