Chapter 4. Authentication Techniques and Infrastructures
Before you can perform any operation on a Linux system, you must have an identity, such as a username, SSH key, or Kerberos credential. The act of proving your identity is called authentication, and it usually involves some kind of password or digital key. To secure your Linux system, you need to create and control identities carefully. Our recipes span the following authentication systems:
- Pluggable Authentication Modules (PAM)
An application-level, dynamically configurable system for consistent authentication. Instead of having applications handle authentication on their own, they can use the PAM API and libraries to take care of the details. Consistency is achieved when many applications perform the same authentication by referencing the same PAM module. Additionally, applications needn’t be recompiled to change their authentication behavior: just edit a PAM configuration file (transparent to the application) and you’re done.
- Secure Sockets Layer (SSL)[1]
A network protocol for reliable, bidirectional, byte-stream connections. It provides cryptographically assured privacy (encryption), integrity, optional client authentication, and mandatory server authentication. Its authentication relies on X.509 certificates: data structures that bind an entity’s public key to a name. The binding is attested to by a second, certifying entity, by means of a digital signature; the entity owning the public key is the certificate’s ...
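The X.509 binding described above, as an added example in Go (not code from the book): a constructed root CA signs a server certificate for www.example.com, and a client checks that the certificate chains to a CA it trusts and names the host it meant to reach. The CA name, host name, and 24-hour validity are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue binds a fresh Ed25519 key pair to cn; with parent == nil it is self-signed (a root CA).
func issue(cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // demo-only serial
		Subject:               pkix.Name{CommonName: cn},
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  parent == nil,
		BasicConstraintsValid: true,
	}
	signer, signerKey := tmpl, key // self-signed unless a parent CA is supplied
	if parent != nil {
		signer, signerKey = parent, parentKey // the CA's signature attests to the binding
		tmpl.DNSNames = []string{cn}          // clients match hosts against SANs, not CN
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, pub, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// verifyServer is the client-side check: does leaf chain to a trusted CA and name host?
func verifyServer(leaf, trustedRoot *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	root, rootKey, _ := issue("Example Root CA", nil, nil) // constructed trust anchor
	leaf, _, _ := issue("www.example.com", root, rootKey)  // server certificate signed by it
	fmt.Println(verifyServer(leaf, root, "www.example.com"), verifyServer(leaf, root, "mail.example.com"))
}
```

For a host absent from the certificate's SANs, or a root that did not issue it, verifyServer returns a non-nil error; that refusal is what makes the server authentication mandatory in practice.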