For configurations in which AcuServer is running on a Windows NT or Windows 2000 server, this variable allows UNIX and Windows client users to use the Windows NT/Windows 2000 security mechanism in place of AcuServer's security system.
When Windows NT/Windows 2000 security is enabled, AcuServer impersonates the user who is logged onto the client machine. This allows AcuServer to spend less time managing Windows security issues, and allows the full range of Windows security to be used on files and directories on the server. To use this feature, you must have the necessary user accounts set up and configured on the server. (Ask your Windows system administrator whether Windows NT/Windows 2000 security has been set up for each potential user.) Once a user is connected, it is as if that user is actually logged onto the server. Files that are available to the user when he or she is directly logged on to the server are available to the user who is connected via AcuServer.
The NT_SECURITY configuration variable must be set in both the client runtime configuration file and the AcuServer configuration file. To ensure the proper result and to eliminate confusion, the recommended practice is to set NT_SECURITY to the same value on both the server and client machines. NT_SECURITY can take any of three values. The valid values are:
OFF (false, no) - do not use Windows NT security. "OFF" is the default value.
NAMED-PIPE (on, true, yes) - use Windows NT security based on the connection made from the client to the server via a named pipe.
In order to use this option successfully, your client machine must have permission to connect to the named pipe that AcuServer creates. If your machine does not have permission, it may look to you as though your client runtime has hung and it may look to other users as though the server is down. Without the proper permission, the only way to resolve this situation is to kill the server using the Windows NT task manager. See your Windows system administrator for help in establishing named pipe permissions and resolving connection problems.
LOGON - attempt to log the user onto the Windows NT domain. AcuServer attempts to use the password in the AcuAccess file to log the user onto the server. If the AcuAccess password matches the user's Windows domain password, the login completes and the user is never prompted for a password. If the password doesn't match, or the password field in the AcuAccess file is empty, the user is prompted to supply a password. The password provided must match the user's network domain password on the Windows server. The number of attempts the user has to supply the correct password is limited be the value of the configuration variable PASSWORD_ATTEMPTS (3, by default). A successful logon grants the user all of the same access rights they would have were they directly logged onto the server. AcuServer allows the Windows NT/Windows 2000 server to manage all issues pertaining to access permissions.
If the NT_SECURITY configuration variable is not set to the same value on both the client and the server, AcuServer interprets the settings as follows:
| Server set to: | OFF | NAMED-PIPE | LOGON | |
| Client set to: | ||||
| OFF | OFF | OFF | OFF | |
| NAMED-PIPE | OFF | NAMED-PIPE | NAMED-PIPE | |
| LOGON | OFF | NAMED-PIPE | LOGON |