Ares offers three methods to authenticate patrons of the system. Some of these methods require external systems or authenticating servers; details on those requirements are within each section below. In all authentication methods, the username must be unique across the entire database and any passwords stored are one-way encrypted so that staff or database administrators cannot know the users' passwords.
While each authentication method has some special features to it, there are some concepts that are common to all authentication methods in Ares.
- Usernames must be unique across the database.
- Passwords stored by Ares are one-way encrypted and cannot be revealed to staff or customers if forgotten. Some authentication methods such as LDAP and RemoteAuth do not store the user's password in the database, but those that do encrypt it so that it cannot be reversed to the plain text version and only compared to what the user enters at login.
- Regardless of the pre-registering or authenticating system, all users can be blocked and/or disavowed by staff in the client. Ares checks for the user's cleared status last before attempting to display the Main Menu or a request form.
- Users who do not register via the Ares web interface can be added by staff in the Ares client. This allows staff to override otherwise exclusive authentication methods such as LDAP and RemoteAuth. Those users added through the client have an AuthType of Ares that bypasses any external authentication systems.