System Administration Guide: Security Services

Authentication and Authorization

Authentication is a way to restrict access to specific users when they access a remote system. It can be set up at both the system level and the network level. Once a user gains access to a remote system, authorization is a way to restrict the operations that the user can perform on that system. The following table lists the types of authentication and authorization that can help protect your systems on the network against unauthorized use.

Table 14–4 Types of Authentication and Authorization for Remote Access

| Type | Description | Where to Find Information |
| --- | --- | --- |
| LDAP and NIS+ | The LDAP directory service and the NIS+ name service can provide both authentication and authorization at the network level. | System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) and System Administration Guide: Naming and Directory Services (FNS and NIS+) |
| Remote login commands | The remote login commands (rlogin, rcp, ftp) enable users to log in to a remote system over the network and use its resources. If you are a “trusted host,” authentication is automatic. Otherwise, you are asked to authenticate yourself. | “Accessing Remote Systems (Tasks)” in System Administration Guide: Resource Management and Network Services |
| Secure RPC | Secure RPC improves the security of network environments by authenticating users who make requests on remote systems. You can use either the UNIX, DES, or Kerberos authentication system for Secure RPC. | Overview of Secure RPC |
| | Secure RPC can also be used to provide additional security to the NFS environment, called Secure NFS. | NFS Services and Secure RPC |
| DES encryption | The Data Encryption Standard (DES) encryption functions use a 56-bit key to encrypt a secret key. | DES Encryption |
| Diffie-Hellman authentication | This authentication method is based on the ability of the sending system to use the common key to encrypt the current time, which the receiving system can decrypt and check against its current time. | Diffie-Hellman Authentication |
| Kerberos | Kerberos uses DES encryption to authenticate a user when logging in to the system. | Chapter 3, Using Authentication Services (Tasks) |