1. Securing Systems and Attached Devices in Oracle Solaris 11.4
  2. Managing Computer System Security
  3. Controlling Network Access
  4. Authentication and Authorization for Remote Access

Authentication and Authorization for Remote Access

Authentication is a way to control access when users try to access a remote system. Authentication can be set up at both the system level and the network level. After a user has gained access to a remote system, authorization is a way to restrict operations that the user can perform. The following table lists the services that provide authentication and authorization.

Table 1-3 Authentication Services for Remote Access

Service Description For More Information

IPsec

IPsec provides host-based and certificate-based authentication and network traffic encryption.

Chapter 6, About IP Security Architecture in Securing the Network in Oracle Solaris 11.4

Kerberos

Kerberos uses encryption to authenticate and authorize a user who is logging in to the system.

For an example, see How the Kerberos Service Works in Managing Kerberos in Oracle Solaris 11.4.

LDAP

The LDAP directory service can provide both authentication and authorization at the network level.

Working With Oracle Solaris 11.4 Directory and Naming Services: DNS and NIS

Remote login commands

Remote login commands enable users to log in to a remote system over the network and use its resources. The ssh command is enabled by default. If you are a trusted host, authentication is automatic. Otherwise, you are asked to authenticate yourself.

Chapter 3, Accessing Remote Systems in Managing Remote Systems in Oracle Solaris 11.4

SASL

The Simple Authentication and Security Layer (SASL) is a framework that provides authentication and optional security services to network protocols. Plugins enable you to choose an appropriate authentication protocol.

About SASL in Managing Authentication in Oracle Solaris 11.4

Secure NFS

MIT Kerberos V supports a secure NFS environment by protecting communications for integrity, privacy, and authentication.

Managing Kerberos in Oracle Solaris 11.4

Secure Shell

Secure Shell encrypts network traffic over an unsecured network. Secure Shell provides authentication by the use of passwords, public keys, or both.

About Secure Shell in Managing Secure Shell Access in Oracle Solaris 11.4

The Oracle Solaris privileged port mechanism can protect Secure Shell communication. A privileged port is assigned a port number less than 1024. After a client system has authenticated the client's credential, the client builds a connection to the server by using the privileged port. The server then verifies the client credential by examining the connection's port number.

Clients that are not running Oracle Solaris software might be unable to communicate over the privileged port. If the clients cannot communicate over the port, you see an error message that appears similar to the following:

"Weak Authentication
NFS request from unprivileged port"