Authentication and Authorization for Remote Access
Authentication is a way to restrict access to specific users when these users access a remote system. Authentication can be set up at both the system level and the network level. After a user has gained access to a remote system, authorization is a way to restrict operations that the user can perform. The following table lists the services that provide authentication and authorization.
Table 2–3 Authentication and Authorization Services for Remote Access|
Service |
Description |
For More Information |
|---|---|---|
|
IPsec |
IPsec provides host-based and certificate-based authentication and network traffic encryption. |
Chapter 19, IP Security Architecture (Overview), in System Administration Guide: IP Services |
|
Kerberos |
Kerberos uses encryption to authenticate and authorize a user who is logging in to the system. |
For an example, see How the Kerberos Service Works. |
|
LDAP and NIS+ |
The LDAP directory service and the NIS+ name service can provide both authentication and authorization at the network level. |
System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) and System Administration Guide: Naming and Directory Services (NIS+) |
|
Remote login commands |
The remote login commands enable users to log in to a remote system over the network and use its resources. Some of the remote login commands are rlogin, rcp, and ftp. If you are a “trusted host,” authentication is automatic. Otherwise, you are asked to authenticate yourself. |
Chapter 29, Accessing Remote Systems (Tasks), in System Administration Guide: Network Services |
|
SASL |
The Simple Authentication and Security Layer (SASL) is a framework that provides authentication and optional security services to network protocols. Plugins enable you to choose an appropriate authentication protocol. | |
|
Secure RPC |
Secure RPC improves the security of network environments by authenticating users who make requests on remote machines. You can use either the UNIX, DES, or Kerberos authentication system for Secure RPC. | |
|
|
Secure RPC can also be used to provide additional security in an NFS environment. An NFS environment with secure RPC is called Secure NFS. Secure NFS uses Diffie-Hellman authentication for public keys. | |
|
Solaris Secure Shell |
Solaris Secure Shell encrypts network traffic over an unsecured network. Solaris Secure Shell provides authentication by the use of passwords, public keys, or both. Solaris Secure Shell uses RSA and DSA authentication for public keys. |
A possible substitute for Secure RPC is the Solaris privileged port mechanism. A privileged port is assigned a port number less than 1024. After a client system has authenticated the client's credential, the client builds a connection to the server by using the privileged port. The server then verifies the client credential by examining the connection's port number.
Clients that are not running Solaris software might be unable to communicate by using the privileged port. If the clients cannot communicate over the port, you see an error message that is similar to the following:
“Weak Authentication NFS request from unprivileged port” |
- © 2010, Oracle Corporation and/or its affiliates