Полезная информация

Practical UNIX & Internet Security

Practical UNIX & Internet SecuritySearch this book
Previous: 19.6 KerberosChapter 19
RPC, NIS, NIS+, and Kerberos
Next: 20. NFS

19.7 Other Network Authentication Systems

Besides Sun's Secure RPC and Kerberos, there are a variety of other systems for providing authentication and encryption services over an unprotected network.

19.7.1 DCE

DCE is the Distributed Computing Environment developed by the Open Software Foundation. DCE is an integrated computing environment that provides many services, including user authentication, remote procedure call, distributed file sharing, and configuration management. DCE's authentication is very similar to Kerberos, and its file sharing is very similar to the Andrew File System.

DCE's security is based on a Security Server. The Security Server maintains an access control list for various operations and decides whether clients have the right to request operations.

DCE clients communicate with DCE servers using DCE Authenticated RPC. To use Authenticated RPC, each DCE principal (user or service) must have a secret key that is known only to itself and the Security Server.

A complete description of DCE can be found at http://www.osf.org/dce

19.7.2 SESAME

SESAME is the Secure European System for Applications in a Multi-vendor Environment. It is a single sign-on authentication system similar to Kerberos.

SESAME incorporates many features of Kerberos 5, but adds heterogeneity, access control features, scalability of public key systems, improved manageability, and an audit system.

The primary difference between SESAME and Kerberos is that SESAME uses public key cryptography (which is not covered by patent in Europe), allowing it to avoid some of the operational difficulties that Kerberos experiences. SESAME is funded in part by the Commission of the European Union's RACE program.

A complete description of SESAME can be found at the following Web address: http://www.esat.kuleuven.ac.be/cosic/sesame3.html

Previous: 19.6 KerberosPractical UNIX & Internet SecurityNext: 20. NFS
19.6 KerberosBook Index20. NFS