Authentication is a mechanism that identifies a user or service based on predefined criteria. Authentication services range from simple name-password pairs to more elaborate challenge-response systems, such as smart cards and biometrics. Strong authentication mechanisms rely on a user supplying both information that only that person knows and a personal item that can be verified. A user name is an example of information that the person knows. A smart card or a fingerprint is an example of an item that can be verified.
The Solaris features for authentication include the following:
Secure RPC – An authentication mechanism that uses the Diffie-Hellman protocol to protect NFS mounts and a name service, such as NIS or NIS+. See Overview of Secure RPC.
Pluggable Authentication Module (PAM) – A framework that enables various authentication technologies to be plugged into a system entry service without recompiling the service. Some of the system entry services include login and ftp. See Chapter 17, Using PAM.
Simple Authentication and Security Layer (SASL) – A framework that provides authentication and security services to network protocols. See Chapter 18, Using SASL.
Solaris Secure Shell – A secure remote login and transfer protocol that encrypts communications over an insecure network. See Chapter 19, Using Solaris Secure Shell (Tasks).
Kerberos service – A client-server architecture that provides encryption with authentication. See Chapter 21, Introduction to the Kerberos Service.
Solaris smart card – A plastic card with a microprocessor and memory that can be used with a card reader to access systems. See Solaris Smartcard Administration Guide.