Identity Management

I l @ ve RuBoard

It has become common practice that user identifiers are public information. However, there is no reason to expose this information. Since, in most cases, the identifier is half of what is needed to gain access to a system, it too should not be public information. The association of identity and user is important only to the administrators of the system. It is needed to assign responsibility and billing of consumed resources. Otherwise, the actual identity of the user is not necessary to be made public.

Users' identifiers are made public in a number of ways. They are used in reports generated by the systems and are used for identification on printouts.

E-mail

A user's e-mail address should not be the user's identifier. The e-mail system's mail transfer agent should associate a simple human name to the user's identifier and make only this name externally available. This can be the individual's actual name , for example:

 John_Doe@BigCompany.com 

This makes the e-mail address simpler to remember and protects half of the information needed to authenticate to the system, providing better system security.

Sendmail provides for relating these external identities to actual user identifiers through the use of aliases and the generics table. The alias file maps inbound mail addresses to actual accounts and the generics table remaps addresses on outbound mail to reflect the external identifier. Uncommenting the following entries in the sendmail.cf file will enable the ability to map both inbound and outbound addresses.

 O AliasFile= /etc/mail/aliases  Kgenerics dbm -o  /etc/mail/genericstable 
I l @ ve RuBoard


Halting the Hacker. A Practical Guide to Computer Security
Halting the Hacker: A Practical Guide to Computer Security (2nd Edition)
ISBN: 0130464163
EAN: 2147483647
Year: 2002
Pages: 210

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net