Secondary User Authentication on Linux Clients

If multiple users can use the same account (e.g. “root”) to log in to the terminal, it may be important to identify the individual person using the account.

Identification can be performed by means of secondary user authentication, which requires the user to enter additional credentials when they open the terminal.

The user has to enter the credentials of an Ekran System user who has the Access to Endpoint via Secondary Auth. permission.

The secondary user name will then be displayed in the Client Sessions list in brackets next to the primary user name under which the terminal is launched.

NOTE: Secondary user authentication works even if there is a no connection between the Client computer and the Application Server computer (i.e. in offline mode), but only for users who have previously logged in to the Client computer at least once using secondary user authentication when there was an active connection. In rare technical cases (e.g. involving re-installing Clients) it may happen that a user cannot log in, in which case an administrator can contact the Ekran System Support team to request a temporary emergency password.