System Administration Guide, Volume 2

What Is SEAM?

Sun Enterprise Authentication Mechanism (SEAM) is a client/server architecture that offers strong user authentication, as well as data integrity and privacy, for secure transactions over networks. Authentication guarantees that the identities of both the sender and the recipient of a network transaction are genuine; SEAM can also verify that data passed back and forth has not been altered in transit (integrity) and encrypt it during transmission (privacy). Using SEAM, you can log on to other machines, execute commands, exchange data, and transfer files securely. Additionally, SEAM provides authorization services, allowing administrators to restrict access to services and machines; moreover, as a SEAM user you can regulate other people's access to your account.

SEAM is a single-sign-on system, meaning that you need to authenticate yourself to SEAM only once per session; all subsequent transactions during the session are authenticated automatically, using tickets issued at that first authentication. You do not need to re-enter the password once you are authenticated. This means your password is not sent over the network, where it could be intercepted, each time you use these services.
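The single-sign-on flow described above, modelled end to end as an added example (this is not code from the SEAM manual or from Solaris). It follows the three Kerberos V5 exchanges: the client obtains a ticket-granting ticket (TGT) from the authentication server, uses the TGT to obtain service tickets from the ticket-granting server, and presents a service ticket plus a fresh authenticator to each service. The password is only ever turned into a key on the client; a wrong password fails locally when the client cannot open the reply. The realm, principal names, passwords and the toy encrypt-then-MAC cipher are assumptions for illustration, standing in for the RFC 3961 encryption types a real KDC uses.

```python
import hashlib
import hmac
import json
import os
import time

REALM = "EXAMPLE.COM"   # assumed realm name for this illustration
MAX_SKEW = 300          # seconds of clock skew tolerated in an authenticator


def string_to_key(password, principal):
    # Stand-in for Kerberos string2key: a long-term key derived from the password
    # and a principal-specific salt. The password itself is never transmitted.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (REALM + principal).encode(), 10_000)


def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def encrypt(key, plaintext):
    # Toy encrypt-then-MAC (assumption); real Kerberos uses an RFC 3961 enctype such as AES.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def pack(obj): return json.dumps(obj, sort_keys=True).encode()
def unpack(data): return json.loads(data)


def check_authenticator(auth, ticket):
    # The authenticator proves the sender holds the ticket's session key; its name
    # must match the ticket, its timestamp must be fresh, and the ticket must be unexpired.
    now = time.time()
    if auth["client"] != ticket["client"] or abs(now - auth["time"]) > MAX_SKEW or now > ticket["expires"]:
        raise ValueError("authenticator rejected")


class KDC:
    """Authentication server and ticket-granting server in one process."""

    def __init__(self):
        self.keys = {}
        self.tgs_name = "krbtgt/" + REALM
        self.add_principal(self.tgs_name, os.urandom(16).hex())

    def add_principal(self, name, password):
        self.keys[name] = string_to_key(password, name)

    def _issue(self, issuing_key, client, lifetime):
        session_key = os.urandom(32)
        body = {"client": client, "key": session_key.hex(), "expires": time.time() + lifetime}
        return encrypt(issuing_key, pack(body)), session_key

    def as_exchange(self, client, lifetime=8 * 3600):
        # AS-REQ names the client; AS-REP = TGT sealed under the TGS key plus the
        # session key sealed under the client's long-term key.
        tgt, sk = self._issue(self.keys[self.tgs_name], client, lifetime)
        return tgt, encrypt(self.keys[client], pack({"key": sk.hex(), "tgs": self.tgs_name}))

    def tgs_exchange(self, tgt, authenticator, service):
        # TGS-REQ = TGT + authenticator; TGS-REP = service ticket + new session key.
        t = unpack(decrypt(self.keys[self.tgs_name], tgt))
        tgt_key = bytes.fromhex(t["key"])
        check_authenticator(unpack(decrypt(tgt_key, authenticator)), t)
        ticket, svc_key = self._issue(self.keys[service], t["client"], t["expires"] - time.time())
        return ticket, encrypt(tgt_key, pack({"key": svc_key.hex(), "service": service}))


class Client:
    def __init__(self, principal, password, kdc):
        self.principal, self.kdc = principal, kdc
        self.long_term = string_to_key(password, principal)   # key stays on the client
        self.tgt = self.tgt_key = None

    def kinit(self):
        tgt, enc = self.kdc.as_exchange(self.principal)
        rep = unpack(decrypt(self.long_term, enc))            # wrong password -> ValueError
        self.tgt, self.tgt_key = tgt, bytes.fromhex(rep["key"])

    def _authenticator(self, key):
        return encrypt(key, pack({"client": self.principal, "time": time.time()}))

    def ap_req(self, service):
        # No password involved: the cached TGT is enough to reach any service.
        ticket, enc = self.kdc.tgs_exchange(self.tgt, self._authenticator(self.tgt_key), service)
        svc_key = bytes.fromhex(unpack(decrypt(self.tgt_key, enc))["key"])
        return ticket, self._authenticator(svc_key)


class Service:
    def __init__(self, principal, password):
        self.key = string_to_key(password, principal)         # what a keytab entry holds

    def accept(self, ticket, authenticator):
        t = unpack(decrypt(self.key, ticket))
        check_authenticator(unpack(decrypt(bytes.fromhex(t["key"]), authenticator)), t)
        return t["client"]                                    # authenticated principal


def demo(password="correct horse"):
    # Constructed scenario: one kinit, then two services reached without re-entering the password.
    kdc = KDC()
    kdc.add_principal("alice", "correct horse")
    kdc.add_principal("nfs/fs1.example.com", "nfs-keytab-secret")
    kdc.add_principal("host/shell.example.com", "host-keytab-secret")
    nfs = Service("nfs/fs1.example.com", "nfs-keytab-secret")
    shell = Service("host/shell.example.com", "host-keytab-secret")
    alice = Client("alice", password, kdc)
    alice.kinit()
    return [nfs.accept(*alice.ap_req("nfs/fs1.example.com")),
            shell.accept(*alice.ap_req("host/shell.example.com"))]


def wrong_password_rejected():
    try:
        demo("wrong password")
    except ValueError:
        return True
    return False
```

Note what crosses the wire in `demo()`: the client's name, ciphertexts it cannot forge without the session keys, and timestamped authenticators. Neither the password nor the long-term key derived from it ever leaves the client, which is the property the single-sign-on design is built on; the `MAX_SKEW` check on authenticators is why Kerberos deployments need synchronized clocks.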

SEAM is based on the Kerberos V5 network authentication protocol developed at the Massachusetts Institute of Technology (MIT). People who have used Kerberos V5 should therefore find SEAM very familiar. Since Kerberos V5 is an industry standard for network security (see RFC 1510), SEAM promotes interoperability with other systems. In other words, because SEAM works with systems using Kerberos V5, it allows for secure transactions even over heterogeneous networks. Moreover, SEAM provides authentication and security both between realms (Kerberos domains) and within a single realm.


Note -

Because SEAM is based on, and designed to interoperate with, Kerberos V5, this manual often uses the terms "Kerberos" and "SEAM" more or less interchangeably -- for example, "Kerberos realm" or "SEAM-based utility." ("Kerberos" and "Kerberos V5" are used interchangeably as well.) The manual draws distinctions when necessary.


SEAM allows for flexibility in running Solaris applications. You can configure SEAM to allow both SEAM-based and non-SEAM-based requests for network services, such as the NFS service. That means current Solaris applications still work even if they are running on systems on which SEAM is not installed. Of course, you can also configure SEAM to allow only SEAM-based network requests.

Additionally, applications do not have to remain committed to SEAM if other security mechanisms are developed. Because SEAM is designed to layer modularly under the Generic Security Service API (GSS-API), applications written to the GSS-API can use whichever security mechanism best suits their needs without changes to the application itself.