Authentication ensures that only authorized persons can access data, and that data transformations can unequivocally be attributed to an individual. PMOD distinguishes between a privileged administrator ("PMOD administrator") who installs the software and configures the environment, and the data analysts ("PMOD users") who perform the actual data analysis.
The administrator must authorize himself each time he accesses the PMOD configuration. An initial password is provided upon shipment of the program. It can be changed by the administrator and is stored in an encrypted form in the /properties/global.start file.
After entering the PMOD configuration, the administrator can define PMOD users. For each user he specifies a name, an initial password, his working environment, and adds the user to the access list of the database(s) he is entitled to use. Each PMOD user can also (optionally) be mapped to a user of the underlying operating system ("OS user").
When a PMOD client is started, PMOD first compares the name of the user logged into the operating system with the list of configured PMOD users. If a PMOD user is found with a matching OS user, login proceeds automatically without requesting a password. In this case authentication is based on the assumption of a correct sign-on to the operating system. Such a configuration is recommended in homogeneous environments like Active Directory.
Otherwise, the user has to select his PMOD user name from the list of all configured PMOD users, and log in with his password. The password is initially set by the administrator, but can be changed by the user. The password, is encrypted and saved in /properties/global.start.