Authentication and Authorization for Remote Access
Authentication is a way to control access when users try to access a remote system. Authentication can be set up at both the system level and the network level. After a user has gained access to a remote system, authorization is a way to restrict the operations that the user can perform. The following table lists the services that provide authentication and authorization.
Table 1-3 Authentication Services for Remote Access

| Service | Description |
|---|---|
| IPsec | IPsec provides host-based and certificate-based authentication and network traffic encryption. |
| Kerberos | Kerberos uses encryption to authenticate and authorize a user who is logging in to the system. |
| LDAP | The LDAP directory service can provide both authentication and authorization at the network level. |
| Remote login commands | The remote login commands enable users to log in to a remote system over the network and use its resources. Some of the remote login commands are rlogin, rcp, and ftp. If you are a trusted host, authentication is automatic. Otherwise, you are asked to authenticate yourself. |
| SASL | The Simple Authentication and Security Layer (SASL) is a framework that provides authentication and optional security services to network protocols. Plugins enable you to choose an appropriate authentication protocol. |
| Secure RPC | Secure RPC improves the security of network environments by authenticating users who make requests on remote machines. You can use either a UNIX, DES, or Kerberos authentication mechanism for Secure RPC. Secure RPC can also be used to provide additional security in an NFS environment. An NFS environment with Secure RPC is called Secure NFS. |
| Secure Shell | Secure Shell encrypts network traffic over an unsecured network. Secure Shell provides authentication by the use of passwords, public keys, or both. |
A possible substitute for Secure RPC is the Oracle Solaris privileged port mechanism. A privileged port is assigned a port number less than 1024. After a client system has authenticated the client's credential, the client builds a connection to the server by using the privileged port. The server then verifies the client credential by examining the connection's port number.

Clients that are not running Oracle Solaris software might be unable to communicate by using the privileged port. If the clients cannot communicate over the port, you see an error message that appears similar to the following:

“Weak Authentication NFS request from unprivileged port”
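The following is an added example, not code from the Oracle Solaris documentation. It models the server-side rule described above (a request counts as authenticated only if its source port is below 1024) and then runs the same check over a few constructed log lines to count, per client address, how often the quoted "Weak Authentication" message appears. The log line layout, the client addresses and the helper names are assumptions made for this illustration; the message text is the one quoted in the documentation.

```python
"""Privileged-port check and 'Weak Authentication' detection.

Added example (not from the Oracle Solaris documentation). Models the
server-side rule the text describes: a request is treated as coming from
an authenticated client only if its source port is below 1024. The log
line format and sample data below are constructed for illustration.
"""
import re
from collections import Counter

PRIVILEGED_PORT_MAX = 1023  # privileged ports are 0-1023 ("less than 1024")

# Message text as quoted in the documentation.
WEAK_AUTH_MSG = "Weak Authentication NFS request from unprivileged port"


def is_privileged_port(port: int) -> bool:
    """True if the source port falls in the privileged range 0-1023."""
    return 0 <= port <= PRIVILEGED_PORT_MAX


def check_nfs_request(client: str, src_port: int) -> dict:
    """Apply the privileged-port rule to one incoming request (hypothetical helper).

    Returns the decision and, for unprivileged ports, the warning the
    server reports. The rule trusts the client host to have already
    verified the user's credential, so it is only as strong as the set
    of hosts that are allowed to reach the server.
    """
    if is_privileged_port(src_port):
        return {"client": client, "port": src_port, "accepted": True, "warning": None}
    return {"client": client, "port": src_port, "accepted": False, "warning": WEAK_AUTH_MSG}


# Constructed syslog-style lines; the layout is an assumption, not a real
# Solaris log format.
SAMPLE_LOG = """\
Mar 3 10:01:02 nfs1 nfsd: Weak Authentication NFS request from unprivileged port (client 192.0.2.10:40123)
Mar 3 10:01:05 nfs1 nfsd: request ok (client 192.0.2.11:1011)
Mar 3 10:02:17 nfs1 nfsd: Weak Authentication NFS request from unprivileged port (client 192.0.2.10:40130)
Mar 3 10:03:44 nfs1 nfsd: Weak Authentication NFS request from unprivileged port (client 198.51.100.7:34567)
"""

WEAK_AUTH_RE = re.compile(
    r"Weak Authentication NFS request from unprivileged port "
    r"\(client (?P<addr>[\d.]+):(?P<port>\d+)\)"
)


def weak_auth_clients(log_text: str) -> Counter:
    """Count 'Weak Authentication' events per client address.

    A client that keeps appearing here is most likely not running Oracle
    Solaris, or cannot bind a privileged port, as the text notes. That is
    a configuration signal to investigate, not a reason to relax the check.
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = WEAK_AUTH_RE.search(line)
        if m and not is_privileged_port(int(m.group("port"))):
            counts[m.group("addr")] += 1
    return counts


if __name__ == "__main__":
    print(check_nfs_request("192.0.2.11", 1011))
    print(check_nfs_request("192.0.2.10", 40123))
    for addr, n in weak_auth_clients(SAMPLE_LOG).most_common():
        print(f"{addr}: {n} unprivileged-port request(s)")
```

The per-client count is the useful output: one client generating many of these messages is usually a non-Solaris host (or one that cannot bind ports below 1024), which is the situation the documentation describes, and the remedy is to move that client to Secure RPC or Kerberos rather than to accept unprivileged-port requests.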