Controlling Logins

You can prevent unauthorized logins to a system or the network through password assignment and login control. A password is a simple authentication mechanism. Every account on a system must have a password: an account without one lets anyone who guesses or enumerates the user name log in, and from that foothold reach the rest of the network. A strong password hashing algorithm protects the stored password hashes against brute-force attacks if the password database is ever exposed.

When a user logs in to a system, the login command consults the naming service or directory service databases in the order configured in the name service switch, svc:/system/name-service/switch. In Oracle Solaris 11 the switch is an SMF service, so you change the lookup order with the SMF commands (svccfg to set the property, svcadm refresh to apply it) rather than by editing /etc/nsswitch.conf, which is generated from the service properties. The naming services indicate the location of the databases that affect login:

  • files – Designates the /etc files on the local system

  • ldap – Designates the LDAP directory service on the LDAP server

  • nis – Designates the NIS database on the NIS master server

  • dns – Designates the domain name service on the network

For a description of the naming service, see the nscd(8) man page. For information about naming services and directory services, see Working With Oracle Solaris 11.4 Directory and Naming Services: DNS and NIS and Working With Oracle Solaris 11.4 Directory and Naming Services: LDAP.

The login command verifies the user name and password that the user supplied. If the user name is not in the password database, or if the password is not correct for that user name, the login command denies access. The same generic failure message is returned in both cases, so an attacker cannot use the login prompt to discover which user names exist. Only when the user supplies a valid user name and its corresponding password does the system grant access.
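The script below is an added example, not code from the Oracle Solaris documentation or from Solaris itself. It audits a constructed shadow-format sample for the two conditions the text warns about, an account with no password at all and a password hashed with the traditional crypt algorithm that brute-forces quickly, and reads the password lookup order from the SMF name service switch where svcprop exists, falling back to a constructed sample value on other systems. The svcprop, svccfg and svcadm commands and the CRYPT_DEFAULT setting in /etc/security/policy.conf are real Solaris facilities; the sample accounts and hash values are invented for the example.

```shell
#!/bin/sh
# Added example (not from the Oracle Solaris documentation): audit login
# controls on a shadow-format password database and show the lookup order.

# Constructed sample in /etc/shadow format (name:hash:lastchg:...).
# Solaris conventions: "*LK*" marks a locked account, "NP" marks an account
# that cannot log in with a password, and an empty field means no password
# is required at all. The $6$ hash below is made up, not a real digest.
SAMPLE_SHADOW='root:$6$saltsalt$0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./0123456789abcdefghijk:19000::::::
guest::19000::::::
daemon:NP:6445::::::
smmsp:*LK*:19000::::::
legacy:abJnggxhB/yWI:19000::::::'

shadow_input() {
    printf '%s\n' "$SAMPLE_SHADOW"
}

# Accounts whose password field is empty: supplying the user name alone
# logs the caller in. On a live Solaris system "logins -p" reports the same.
find_passwordless() {
    awk -F: '$2 == "" { print $1 }'
}

# Accounts still hashed with traditional Unix crypt (13 characters, no
# $id$ prefix). These should be re-hashed with the algorithm named by
# CRYPT_DEFAULT in /etc/security/policy.conf at the next password change.
find_weak_hash() {
    awk -F: '$2 != "" && $2 !~ /^[$*]/ && $2 != "NP" && length($2) == 13 { print $1 }'
}

# Lookup order for the password database, read from the SMF name-service
# switch on Oracle Solaris 11. Falls back to config/default when no
# per-database property is set, and to a constructed sample value where
# svcprop does not exist (for instance when run on another OS).
password_switch_order() {
    if command -v svcprop >/dev/null 2>&1; then
        svcprop -p config/password svc:/system/name-service/switch 2>/dev/null ||
            svcprop -p config/default svc:/system/name-service/switch
    else
        echo 'files ldap'
    fi
}

# To change the order on Solaris (as root), use the SMF commands rather
# than editing /etc/nsswitch.conf, which is regenerated from the service:
#   svccfg -s svc:/system/name-service/switch
#   svc:/system/name-service/switch> setprop config/password = astring: "files ldap"
#   svc:/system/name-service/switch> quit
#   svcadm refresh svc:/system/name-service/switch

echo "password lookup order: $(password_switch_order)"
echo "accounts with no password:"
shadow_input | find_passwordless | sed 's/^/  /'
echo "accounts with a weak (traditional crypt) hash:"
shadow_input | find_weak_hash | sed 's/^/  /'
```

Run against the sample, the script flags guest (no password) and legacy (13-character crypt hash) while leaving the locked and NP accounts alone; point shadow_input at a copy of a real /etc/shadow to audit an actual system.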

PAM modules can streamline logging in to applications after a successful system login. For more information, see Chapter 1, Using Pluggable Authentication Modules in Managing Authentication in Oracle Solaris 11.4.

Sophisticated authentication and authorization mechanisms are available on Oracle Solaris systems. For a discussion of authentication and authorization mechanisms at the network level, see Authentication and Authorization for Remote Access.