Using SESAME's GSS-API to add Security to Unix Applications
Abstract
SESAME is a security architecture that starts from the Kerberos protocol and adds to it public-key based authentication, role based access control, delegation of rights and an extensive auditing facility. SESAME provides the GSSAPI for securing applications and this paper describes our efforts in securing some of the most important Unix applications using SESAME: telnet, the BSD rtools and the remote procedure call. We have found the benefit of using SESAME is that the applications are secured in a uniform manner, additional security services are provided to the applications that are unavailable with other architectures, and the impact of SESAME on the application’s performance is not excessive.
Similar resources
The Simple and Protected GSS-API Negotiation Mechanism
The Simple and Protected GSS-API Negotiation Mechanism defined here is a pseudo-security mechanism, represented by the object identifier iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2) which enables GSS-API peers to determine in-band whether their credentials share common GSS-API security mechanism(s), and if so, to invoke normal security context establishment for a selected commo...
RFC 6616
OpenID has found its usage on the Internet for Web Single Sign-On. Simple Authentication and Security Layer (SASL) and the Generic Security Service Application Program Interface (GSS-API) are application frameworks to generalize authentication. This memo specifies a SASL and GSS-API mechanism for OpenID that allows the integration of existing OpenID Identity Providers with applications using SA...
RFC 6595: A SASL and GSS-API Mechanism for SAML
The Security Assertion Markup Language (SAML) has found its usage on the Internet for Web Single Sign-On. The Simple Authentication and Security Layer (SASL) and the Generic Security Service Application Program Interface (GSS-API) are application frameworks to generalize authentication. This memo specifies a SASL mechanism and a GSS-API mechanism for SAML 2.0 that allows the integration of exis...
A Simple Authentication and Security Layer (SASL) and Generic Security Service Application Program Interface (GSS-API) Mechanism for OpenID
OpenID has found its usage on the Internet for Web Single Sign-On. Simple Authentication and Security Layer (SASL) and the Generic Security Service Application Program Interface (GSS-API) are application frameworks to generalize authentication. This memo specifies a SASL and GSS-API mechanism for OpenID that allows the integration of existing OpenID Identity Providers with applications using SA...
Name Attributes for the GSS-API
The naming extensions to the Generic Security Service Application Programming Interface (GSS-API) provide a mechanism for applications to discover authorization and personalization information associated with GSS-API names. The Extensible Authentication Protocol GSS-API mechanism allows an Authentication, Authorization, and Accounting (AAA) peer to provide authorization attributes alongside an ...