Administering Authentication With Secure RPC

By requiring authentication for use of mounted NFS file systems, you increase the security of your network.

How to Restart the Secure RPC Keyserver

How to Set Up a Diffie-Hellman Key for an NIS+ Host

This procedure should be done on every host in the NIS+ domain. After root has run the keylogin command, the server has GSS-API acceptor credentials for mech_dh and the client has GSS-API initiator credentials.

For a detailed description of NIS+ security, see System Administration Guide: Naming and Directory Services (NIS+).

Example 16-1 Setting Up a New Key for root on an NIS+ Client

The following example uses the host pluto to set up earth as an NIS+ client. You can ignore the warnings. The keylogin command is accepted, verifying that earth is correctly set up as a secure NIS+ client.

    # nisinit -cH pluto
    NIS Server/Client setup utility.
    This system is in the example.com. directory.
    Setting up NIS+ client ...
    All done.
    # nisaddcred local
    # nisaddcred des
    DES principal name : unix.earth@example.com
    Adding new key for unix.earth@example.com (earth.example.com.)
    Network password:<Type password>
    Warning, password differs from login password.
    Retype password: <Retype password>
    # keylogin
    Password: <Type password>
    #

How to Set Up a Diffie-Hellman Key for an NIS+ User

This procedure should be done for every user in the NIS+ domain.

Example 16-2 Setting Up a New Key for an NIS+ User

In the following example, a key for Diffie-Hellman authentication is given to the user jdoe.

    # nisaddcred -p unix.1234@example.com -P jdoe.example.com. des
    DES principal name : unix.1234@example.com
    Adding new key for unix.1234@example.com (jdoe.example.com.)
    Password: <Type password>
    Retype password:<Retype password>
    # rlogin rootmaster -l jdoe
    % keylogin
    Password: <Type password>
    %

How to Set Up a Diffie-Hellman Key for an NIS Host

This procedure should be done on every host in the NIS domain.

Example 16-3 Setting Up a New Key for root on an NIS Client

In the following example, earth is set up as a secure NIS client.

    # newkey -h earth
    Adding new key for unix.earth@example.com
    New Password: <Type password>
    Retype password:<Retype password>
    Please wait for the database to get updated...
    Your new key has been successfully stored away.
    #

How to Set Up a Diffie-Hellman Key for an NIS User

This procedure should be done for every user in the NIS domain.

Before You Begin

Only system administrators, when logged in to the NIS master server, can generate a new key for a user.

Example 16-4 Setting Up and Encrypting a New User Key in NIS

In this example, superuser sets up the key.

    # newkey -u jdoe
    Adding new key for unix.12345@example.com
    New Password: <Type password>
    Retype password:<Retype password>
    Please wait for the database to get updated...
    Your new key has been successfully stored away.
    #

Then the user jdoe re-encrypts the key with a private password.

    % chkey -p
    Updating nis publickey database.
    Reencrypting key for unix.12345@example.com
    Please enter the Secure-RPC password for jdoe:<Type password>
    Please enter the login password for jdoe: <Type password>
    Sending key change request to centralexample...

How to Share NFS Files With Diffie-Hellman Authentication

This procedure protects shared file systems on an NFS server by requiring authentication for access.

Before You Begin

Diffie-Hellman public key authentication must be enabled on the network. To enable authentication on the network, do one of the following:
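
Added example, not part of the original Solaris documentation: before requiring Diffie-Hellman authentication on shared file systems, an administrator can check that the key-setup procedures above covered every host and every user. The script assumes plain-text dumps of the hosts, passwd and publickey maps, with publickey lines of the form "netname public-key:encrypted-secret-key"; the function names and all sample values are made up for illustration.

```sh
#!/bin/sh
# Added example: report hosts and users that still lack a Secure RPC
# Diffie-Hellman key. Input file formats are assumptions (see lead-in).

# expected_netnames DOMAIN HOSTS_FILE PASSWD_FILE
# Prints "netname<TAB>description" for every key that should exist.
expected_netnames() {
    # Hosts (and therefore root on each host) use unix.<hostname>@<domain>.
    awk -v d="$1" '!/^#/ && NF >= 2 && $2 != "localhost" {
        printf "unix.%s@%s\thost %s\n", $2, d, $2 }' "$2"
    # Ordinary users use unix.<uid>@<domain>; UID 0 is covered by the host key.
    awk -F: -v d="$1" '!/^#/ && $3 ~ /^[0-9]+$/ && $3 != 0 {
        printf "unix.%s@%s\tuser %s\n", $3, d, $1 }' "$3"
}

# missing_dh_keys DOMAIN HOSTS_FILE PASSWD_FILE PUBLICKEY_FILE
# An entry counts only if its value is "<hex public>:<hex encrypted secret>".
missing_dh_keys() {
    expected_netnames "$1" "$2" "$3" |
    awk -F'\t' -v pk="$4" '
        BEGIN {
            while ((getline line < pk) > 0) {
                split(line, f, " ")
                if (f[2] ~ /^[0-9A-Fa-f]+:[0-9A-Fa-f]+$/) have[f[1]] = 1
            }
        }
        !($1 in have) { print $1 " (" $2 ")" }'
}

# Constructed sample data: hosts pluto and earth, users jdoe and asmith.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '127.0.0.1 localhost' '192.0.2.10 pluto' \
        '192.0.2.11 earth' > "$dir/hosts"
    printf '%s\n' 'root:x:0:0:Super-User:/:/sbin/sh' \
        'jdoe:x:12345:10::/home/jdoe:/bin/sh' \
        'asmith:x:12346:10::/home/asmith:/bin/sh' > "$dir/passwd"
    # Made-up hex values; the pluto entry has no secret key and is rejected.
    printf '%s\n' 'unix.earth@example.com 0a1b2c3d:4e5f6071' \
        'unix.12345@example.com 8899aabb:ccddeeff' \
        'unix.pluto@example.com 55667788:' > "$dir/publickey"
    missing_dh_keys example.com "$dir/hosts" "$dir/passwd" "$dir/publickey"
    rm -rf "$dir"
}

demo
```

Each netname the script prints still needs the matching key-setup procedure above; a passwd dump that includes system accounts will list those as well.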