Solstice AdminSuite 2.3 Administration Guide

Security Levels

Each request to change administration data contains a set of credentials with a UID and a set of GIDs to which the user belongs. The server uses these credentials to perform identity and permission checks. Three levels of authentication security are available.

The security levels are described in Table 3-1.

Table 3-1 Solstice AdminSuite Security Levels

| Level | Level Name | Description |
|-------|------------|-------------|
|  | NONE | No identity checking is done by the server. All UIDs are set to the nobody identity. This level is used mostly for testing. |
|  | SYS | The server accepts the original user and group identities from the client system and uses them as the identities for the authorization checks. There is no checking to be sure that the UID of the user represents the same user on the server system. That is, it is assumed the administrator has made the UIDs and GIDs consistent on all systems in the network. Checks are made to see if the user has permission to execute the request. |
|  | DES | Credentials are validated using DES authentication, and checks are made to be sure that the user has permission to execute the request. The user and group identities are obtained from files on the server system by mapping the user's DES network identity to a local UID and set of GIDs. The file used depends on which name service is selected on the server system. This level provides the most secure environment for performing administrative tasks and requires that a publickey entry exists for all server systems where the sadmind daemon is running, and for all users accessing the tools. |


Note - Level 1 is the default security used by sadmind.
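
The following model is an added example, not code from Solstice AdminSuite. It shows which identity the server would authorize against at each level in Table 3-1, so the difference between trusting client-supplied IDs (SYS) and mapping a validated network identity on the server (DES) is visible for the same request. The nobody UID, the netname map, the admin GID and the sample requests are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

NOBODY = (60001, frozenset({60001}))  # assumed uid/gid for the "nobody" identity
ADMIN_GID = 14  # hypothetical group permitted to change administration data

# Constructed server-side mapping: DES network identity -> local (uid, gids).
SERVER_NETNAME_MAP = {
    "unix.1001@example.com": (1001, frozenset({10, 14})),
}

@dataclass(frozen=True)
class Request:
    claimed_uid: int               # UID carried in the client's credentials
    claimed_gids: frozenset        # GIDs carried in the client's credentials
    netname: Optional[str] = None  # DES network identity, if one was presented
    des_verified: bool = False     # True only if DES validation succeeded

def effective_identity(level: str, req: Request):
    """Return the (uid, gids) used for authorization, or None to reject."""
    if level == "NONE":
        # No identity checking: every caller becomes nobody.
        return NOBODY
    if level == "SYS":
        # Client-supplied identities are used as-is, with no server-side check.
        return (req.claimed_uid, req.claimed_gids)
    if level == "DES":
        # Identity comes from the server's own mapping of a validated netname.
        if not req.des_verified:
            return None
        return SERVER_NETNAME_MAP.get(req.netname)
    raise ValueError(f"unknown security level: {level}")

def authorized(level: str, req: Request) -> bool:
    """Permission check performed against the effective identity."""
    ident = effective_identity(level, req)
    return ident is not None and ADMIN_GID in ident[1]

# Constructed requests: one only asserts IDs, one carries validated DES credentials.
CLAIM_ONLY = Request(claimed_uid=1001, claimed_gids=frozenset({ADMIN_GID}))
DES_USER = Request(1001, frozenset({999}), "unix.1001@example.com", True)

if __name__ == "__main__":
    for name, req in (("CLAIM_ONLY", CLAIM_ONLY), ("DES_USER", DES_USER)):
        for level in ("NONE", "SYS", "DES"):
            print(f"{name:10} {level:4} authorized={authorized(level, req)}")
```

Under SYS the outcome depends entirely on what the client system asserts, which is why that level is only sound when UIDs and GIDs are consistent and the client systems are trusted.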