IMTerm Security

Enterprise-grade security built in from the ground up

Authentication Methods

MethodDescriptionConfig
Local / Built-inBcrypt password hashing, per-user accounts managed via admin consoleauth.mode: local
LDAP / Active DirectoryBind authentication, group-to-role mapping, supports TLS and StartTLSauth.mode: ldap
OIDC / OAuth2OpenID Connect, Okta, Azure AD, Google Workspace, and any compliant IdPauth.mode: oidc
SAML 2.0SP-initiated SSO, ADFS, PingFederate, Okta. Signature validation via goxmldsigauth.mode: saml
Kerberos SPNEGOKeytab-based, transparent browser SSO on Windows domain machinesauth.mode: kerberos
mTLS client certificatesMutual TLS, client certificate presented at TLS handshake, mapped to userauth.mode: mtls

RBAC Model

RolePermissions
AdminFull access, user management, configuration, audit log, session monitoring, all terminal operations
UserSessions, file transfer, printing, macros, scripting, Agent Mode
View-OnlyObserve active sessions, no keyboard input, no transfer, no print

All roles are enforced server-side. There is no client-side bypass path.

TLS

FIPS 140-2: A FIPS build is available using BoringCrypto (certificate 3678). Build with make build-fips. The FIPS binary uses BoringSSL for all cryptographic operations and refuses non-compliant cipher suites.

Audit Logging

Session Security

Data Protection

Security Disclosure

To report a security vulnerability in IMTerm, contact support@infomanta.com. Please include a description of the issue, steps to reproduce, and the IMTerm version. We respond to all reports within 2 business days.