InterSystems provides the following options that enable you to authenticate users:
Kerberos authentication The most secure means of authentication. The Kerberos Authentication System provides mathematically proven strong authentication over a network.
Operating-systembased authentication OS-based authentication uses the operating system’s identity for each user to identify that user to InterSystems IRIS.
LDAP authentication With the Lightweight Directory Access Protocol (LDAP), InterSystems IRIS authenticates the user based on information in a central repository, known as the LDAP server.
Instance Authentication With Instance Authentication, InterSystems IRIS prompts the user for a password and compares a hash of the provided password against a value it has stored.
Delegated authentication Delegated authentication provides a means for creating customized authentication mechanisms. The application developer entirely controls the content of delegated authentication code.
You can also allow all users to connect to the server without performing any authentication. This option is appropriate for organizations with strongly protected perimeters or in which neither the application nor its data are an attractive target for attackers.
InterSystems IRIS web service services and web clients can validate the WS-Security header element for inbound SOAP messages, as well as automatically decrypt the inbound messages. Generally speaking, this security header element can carry information that authenticates the sender. See Securing Web Services.