To attend a meeting on the Sametime server, a user first connects to the Sametime HTTP server with a web browser. By default, the user is not authenticated when accessing the Sametime server over this port and is able to access the Sametime server home page database (stcenter.nsf) without entering a user name and password.
By using the Access Control List (ACL) settings of individual databases, the Sametime administrator can force users to authenticate using basic password authentication when they attempt to access the databases on the server.
Generally, the first database that a user accesses when connecting to the Sametime server is the Domino
® database that contains the Sametime server home page (stcenter.nsf). By default, the ACL settings of the stcenter.nsf database allow anonymous access so users can access the Sametime server home page without being authenticated (entering a user name and password that is verified against entries in a directory).
After accessing the home page, a user selects links to access other databases on the Sametime server. Most users will access the Sametime
® Meeting Center (stconf.nsf). The Sametime Administrator can alter the ACLs of these databases to force users to authenticate at the time they select the link that accesses the database.
The databases on the Sametime server that are accessible from the Sametime server home page include:
- Self-Registration (streg.nsf) - An administrator controls whether self-registration is available on the server. The administrator controls self-registration by selecting or clearing the "Allow people to register themselves in the Directory" check box available from the Domino Directory - Domino option in the Sametime Administration Tool. The self-registration database (streg.nsf) should always allow anonymous access to enable anonymous users to self register when the administrator allows self-registration.
- Server Administration - You must add users to the ACLs of several Sametime databases when allowing other users to have administrative privileges on the Sametime server. For more information about controlling access to the Sametime Administration Tool, see Adding a new Sametime administrator
By default, the connection from a web browser to the Sametime server is neither authenticated nor encrypted. The authentication occurs at the time a user accesses an individual database on the Sametime server. You can configure Sametime so that all HTTP traffic (including passwords and authentication tokens) that passes over the connection between the web browser and the HTTP server is encrypted using the Secure Sockets Layer (SSL).
References to the Sametime
Meeting Center and to the web browser connection do not apply to Sametime
Parent topic: Working with Sametime security
Using database ACLs for identification and authentication
Anonymous access and database ACLs
Basic password authentication and database ACLs
Setting up anonymous access in a database Access Control List (ACL)
Setting up basic password authentication in a database Access Control List (ACL)