K2 Ticket Server

Each K2 installation can optionally include one or more instances of the K2 Ticket Server (Figure 2-5). The K2 Ticket Server is the component that authenticates users to the K2 system and controls search access to secure indexes. It uses security modules that communicate with third-party information stores to validate authentication credentials. The supported authentication stores are LDAP servers, Windows NT Domain, and UNIX.


Figure 2-5    K2 Ticket Server



When a user authenticates to a security model by providing valid login information, the user receives a ticket, or temporary access pass, from the Verity K2 Ticket Server. The K2 Ticket Server stores information in memory for users who have been authenticated to LDAP, Windows NT domain, or UNIX. Once the user ends the session by logging off, the ticket expires and the user’s credentials are deleted from memory. Optionally, the K2 Ticket Server can save credentials to an encrypted store to retain them from session to session.

The K2 Ticket Server monitors search and viewing requests on a TCP/IP port. As each request is made, the K2 Ticket Server gives users access to only those collections for which they have the correct tickets. In this way, your native security model is integrated into the K2 system.

The K2 Ticket Server can handle authentications from multiple native security models. For example, if a user provides K2 with credentials to authenticate to the NT Domain security model, the user is able to search documents protected by that domain (as long as the user has permission to read them, based on group membership). However, collections can include information from two or more separate repositories, each with its own native security model. If the collection the user is searching also contains documents from a Microsoft Exchange repository, K2 also prompts the user to authenticate to Microsoft Exchange.
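The following added example models the per-security-model ticket check described above; it is an illustration written for this page, not Verity code or the K2 API. The class and method names, the in-memory credential stores standing in for the NT Domain and Exchange back ends, and all sample users, groups and documents are assumptions constructed for the example.

```python
import hmac
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Document:
    doc_id: str
    model: str          # security model of the repository the document came from
    readers: frozenset  # groups permitted to read it

@dataclass
class TicketServer:     # hypothetical model, not the K2 implementation
    stores: dict        # model -> {user: (password, groups)}; stand-in for LDAP/NT/UNIX
    tickets: dict = field(default_factory=dict)  # (user, model) -> groups, memory only

    def authenticate(self, user, model, password):
        """Issue a ticket for one security model if its store accepts the login."""
        record = self.stores.get(model, {}).get(user)
        if record is None or not hmac.compare_digest(record[0].encode(), password.encode()):
            return False
        self.tickets[(user, model)] = frozenset(record[1])
        return True

    def logoff(self, user):
        """Ending the session expires every ticket the user holds."""
        self.tickets = {k: v for k, v in self.tickets.items() if k[0] != user}

    def search(self, user, collection):
        """Return (readable doc ids, security models still needing a login)."""
        readable, prompts = [], set()
        for doc in collection:
            groups = self.tickets.get((user, doc.model))
            if groups is None:
                prompts.add(doc.model)      # no ticket: prompt, reveal nothing
            elif groups & doc.readers:      # ticket plus group membership
                readable.append(doc.doc_id)
        return readable, sorted(prompts)

# Constructed sample data: one collection spanning two repositories.
STORES = {"nt_domain": {"alice": ("pw-nt", {"engineering"})},
          "exchange": {"alice": ("pw-ex", {"all-staff"})}}
COLLECTION = [Document("design.doc", "nt_domain", frozenset({"engineering"})),
              Document("payroll.xls", "nt_domain", frozenset({"finance"})),
              Document("memo.msg", "exchange", frozenset({"all-staff"}))]

if __name__ == "__main__":
    ts = TicketServer(STORES)
    ts.authenticate("alice", "nt_domain", "pw-nt")
    print(ts.search("alice", COLLECTION))  # NT documents only; Exchange still prompts
```

A ticket alone is not sufficient in this model: `payroll.xls` stays hidden even after the NT Domain login because the user's groups do not intersect the document's readers.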

The K2 Ticket Server includes a persistent store, in which it keeps a list of administrative users for the system, plus security information for collections and repositories.