Solaris ISP Server 2.0 Administration Guide

Solaris ISP Server Operation

Solaris ISP Server user information is stored in the directory, and user authentication is performed using LDAP. For example, if the RADIUS server packaged with Sun Directory Services is used, the server binds to the directory and searches the user entries for the user name and authsuffixname (a directory attribute defining the user's domain) provided by the user. Once the user's directory entry is found, the server compares the password provided with the one in the directory, validating the user. Once authenticated, the user communicates with the desired service using the appropriate protocol.
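The search-then-compare flow described above, as an added example that is not taken from this guide or from Sun Directory Services. The in-memory list stands in for the directory, and the attribute names `uid` and `userPassword` are assumptions (only `authsuffixname` is named in the text).

```python
import hmac
import re

# Constructed sample entries standing in for the directory. "uid" and
# "userPassword" are assumed names; plaintext passwords keep the sample short.
DIRECTORY = [
    {"uid": "jdoe", "authsuffixname": "isp-a.example", "userPassword": "pw-A"},
    {"uid": "jdoe", "authsuffixname": "isp-b.example", "userPassword": "pw-B"},
    {"uid": "root", "authsuffixname": "isp-a.example", "userPassword": "pw-R"},
]

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so input stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(user, domain):
    """Filter for the search step: user name AND authsuffixname must match."""
    return "(&(uid=%s)(authsuffixname=%s))" % (
        escape_filter_value(user), escape_filter_value(domain))

def _value_regex(assertion):
    # Toy matcher: an unescaped "*" is a wildcard, backslash + two hex digits
    # is one literal character, everything else matches itself.
    out = []
    for part in re.split(r"(\\[0-9a-fA-F]{2}|\*)", assertion):
        if part == "*":
            out.append(".*")
        elif re.fullmatch(r"\\[0-9a-fA-F]{2}", part):
            out.append(re.escape(chr(int(part[1:], 16))))
        else:
            out.append(re.escape(part))
    return re.compile("".join(out))

def search(ldap_filter):
    """Return the entries matching a two-assertion AND filter (toy directory)."""
    m = re.fullmatch(r"\(&\(uid=([^()]*)\)\(authsuffixname=([^()]*)\)\)", ldap_filter)
    if not m:
        return []
    uid_re, dom_re = _value_regex(m.group(1)), _value_regex(m.group(2))
    return [e for e in DIRECTORY
            if uid_re.fullmatch(e["uid"]) and dom_re.fullmatch(e["authsuffixname"])]

def authenticate(user, domain, password):
    entries = search(build_filter(user, domain))
    if len(entries) != 1:  # no entry, or an ambiguous match: reject
        return False
    stored = entries[0]["userPassword"]
    return hmac.compare_digest(stored.encode(), password.encode())
```

The same user name in two domains resolves to two different entries, so the `authsuffixname` assertion is what keeps one domain's password from validating against the other's entry.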

Figure 1-4 Communications and Protocols in Solaris ISP Server

The ISP administrator typically accesses the administration server for Sun Internet Administrator. Once Sun Internet Administrator authenticates the administrator against the directory, it passes the login information to the services (single sign-on) as the administrator accesses them. Three-tier services invisibly authenticate the user against the directory again, blocking any attempt by an intruder pretending to be a Sun Internet Administrator. Three-tier services are described in "Three-Tier Service Architecture".