System Administration Guide: Security Services

Authentication and Authorization

Authentication is a way to restrict access to specific users when they access a remote system, which can be set up at both the system level or network level. Once a user gains access to a remote system, authorization is a way to restrict operations that the user can perform on the remote system. The following table lists the types of authentications and authorizations that can help protect your systems on the network against unauthorized use.

Table 14–4 Types of Authentication and Authorization for Remote Access



Where to Find Information 

LDAP and NIS+ 

The LDAP directory service and the NIS+ name service can provide both authentication and authorization at the network level. 

System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) and System Administration Guide: Naming and Directory Services (FNS and NIS+)

Remote login commands 

The remote login commands (rlogin, rcp, ftp) enable users to log in to a remote system over the network and use its resources. If you are a “trusted host,” authentication is automatic. Otherwise, you are asked to authenticate yourself.

“Accessing Remote Systems (Tasks)” in System Administration Guide: Resource Management and Network Services

Secure RPC 

Secure RPC improves the security of network environments by authenticating users who make requests on remote systems. You can use either the UNIX, DES, or Kerberos authentication system for Secure RPC. 

Overview of Secure RPC


Secure RPC can also be used to provide additional security to the NFS environment, called Secure NFS. 

NFS Services and Secure RPC

DES encryption 

The Data Encryption Standard (DES) encryption functions use a 56-bit key to encrypt a secret key. 

DES Encryption

Diffie-Hellman authentication 

This authentication method is based on the ability of the sending system to use the common key to encrypt the current time, which the receiving system can decrypt and check against its current time. 

Diffie-Hellman Authentication


Kerberos uses DES encryption to authenticate a user when logging in to the system.  

Chapter 3, Using Authentication Services (Tasks)