Chapter 3. Defining Directory Service Security Architecture

This chapter discusses client-server directory service architectures and describes what you can and cannot do to secure data transfers and authentication. The focus is on the Secured LDAP Client, which is a core and integral component of the Solaris 9 Operating Environment.

This chapter starts by discussing the security features of the Sun ONE Directory Server software, such as access control and authentication mechanisms, in particular the SASL DIGEST-MD5 and Generic Security Services Application Programming Interface (GSSAPI) mechanisms. It then covers Transport Layer Security (TLS) and the Start TLS functionality. The server side is discussed from both a system administration and a developer point of view. The final part of this chapter describes the PAM components and modules.

This chapter is organized into the following sections:

  • "Understanding Directory Server Security"

  • "Understanding the SASL Mechanism"

  • "GSSAPI Authentication and Kerberos v5"

  • "TLSv1/SSL Protocol Support"

  • "Start TLS Overview"

  • "Enhanced Solaris OE PAM Features"

  • "Secured LDAP Client Backport to the Solaris 8 OE"



LDAP in the Solaris Operating Environment: Deploying Secure Directory Services
ISBN: 131456938
Year: 2005
Pages: 87
