Home Download FAQ / Knowledge Base Screenshots Documentation Support

What are the different authentication modes and which one should I use?

The Citadel system offers several different authentication modes, which may be selected during your initial installation. Once you select a mode you should not attempt to change it. Doing so could render your user accounts inaccessible.

The authentication modes available are:

Self-contained authentication

This is the most common type of installation. In this mode, Citadel will maintain its own user database. This is also known in some other circles as "black box" authentication.

Self-contained authentication is the mode most sites will want to use. It is by far the easiest because it requires zero maintenance and zero external configuration.

Host system integrated authentication

In this mode, Citadel will attempt to authenticate logins using the user database of the underlying host system (Unix or Linux). On a standalone server, this would mean that it uses the user names and passwords stored in the /etc/passwd file. If you are using a customized PAM (Pluggable Authentication Modules) configuration, Citadel can make use of that as well.

External LDAP - RFC 2307 compliant directory

In this mode, Citadel will attempt to authenticate logins using an external LDAP directory. The directory schema is expected to conform to the RFC 2307 schema for storing POSIX accounts in LDAP. If your directory is based on OpenLDAP or some other open source product, this is probably the case.

If you select this mode you will be prompted for the host name or IP address and port number of your LDAP server, along with the base DN, bind DN, and bind password. If you don't know what these mean, then you probably should not be selecting this authentication mode.

External LDAP - Microsoft Active Directory

This mode also uses LDAP, but is compatible with Microsoft Active Directory, which uses a different schema. You will need the host name or IP address and port number of your domain controller, along with the base DN, bind DN, and bind password.

So, which one should I use?

Unless you understand exactly how the external authentication modes work, you should choose self-contained authentication mode.

There are no social media links here. Enjoy a friendly Citadel community instead. Or go outside.