Authentication Services
Authentication is a mechanism that identifies a user or service based on predefined
criteria. Authentication services range from simple name-password pairs to more elaborate challenge-response systems,
such as smart cards and biometrics. Strong authentication mechanisms rely on a user
supplying both information that only that person knows and a personal item that can
be verified. A user name is an example of information that the person
knows. A smart card or a fingerprint is an example of a personal item that can be verified. The
Solaris features for authentication include the following:
Secure RPC – An authentication mechanism that uses the Diffie-Hellman protocol to protect NFS mounts and a name service, such as NIS or NIS+. See Overview of Secure RPC.
Pluggable Authentication Module (PAM) – A framework that enables various authentication technologies to be plugged into a system entry service without recompiling the service. Some of the system entry services include login and ftp. See Chapter 17, Using PAM.
Simple Authentication and Security Layer (SASL) – A framework that provides authentication and security services to network protocols. See Chapter 18, Using SASL.
Solaris Secure Shell – A secure remote login and transfer protocol that encrypts communications over an insecure network. See Chapter 19, Using Solaris Secure Shell (Tasks).
Kerberos service – A client-server architecture that provides encryption with authentication. See Chapter 21, Introduction to the Kerberos Service.