Chapter 3. Defining Directory Service Security Architecture
This chapter discusses client-server directory service architectures and describes what you can and cannot do to secure data transfers and authentication. The focus is on the Secured LDAP Client, which is a core and integral component of the Solaris 9 Operating Environment.
This chapter starts by discussing the Sun ONE Directory Server software security features such as access control and authentication mechanisms, in particular SASL DIGEST-MD5 and the Generic Security Services Application Programming Interface (GSSAPI) authentication mechanisms, followed by Transport Layer Security (TLS), and the Start TLS functionality. The server side is discussed from a system administration and developer point of view. The final part of this chapter describes the PAM components and modules.
This chapter is organized into the following sections: