BSD Authentication
BSD Authentication, otherwise known as BSD Auth, is an authentication framework and software API employed by some Unix-like operating systems, specifically OpenBSD and BSD/OS, and accompanying system and application software such as OpenSSH and Apache. It originated with BSD/OS and although the specification and implementation were donated to the FreeBSD project by BSDi, ultimately OpenBSD chose to adopt the framework in release 2.9. Pluggable Authentication Modules (PAM) serves a similar purpose on other operating systems such as Linux, FreeBSD and NetBSD.

BSD Auth performs authentication by executing scripts or programs as separate processes from the one requiring the authentication. This prevents the child authentication process from interfering with the parent except through a narrowly defined inter-process communication API, a technique inspired by the principle of least privilege and known as "privilege separation". This behaviour has significant security benefits, notably improved fail-safeness of software, and robustness against malicious and accidental software bugs (Niels Provos (CITI, University of Michigan), Markus Friedl (GeNUA mbH) and Peter Honeyman (CITI, University of Michigan), "Preventing Privilege Escalation", Proceedings of the 12th USENIX Security Symposium, 2003, pp. 231–242, http://www.usenix.org/events/sec03/tech/provos_et_al.html).

PAM uses an alternative system where the modules providing authentication are dynamically linked into the requesting process. This method is considered to be more flexible than BSD Auth [citation needed, February 2007], but does not provide privilege separation without additional configuration.
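The separate-process model described above, sketched in C as an added example (it is not OpenBSD's code and does not use the bsd_auth API): the parent forks a helper, and the only thing that crosses back is a one-line reply on a pipe. The verifier functions, the sample credential and the `authorize`/`reject` reply strings are constructed for illustration; anything other than an explicit authorize, including a helper crash, counts as a denial.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Constructed stand-in for an authentication helper; runs only in the child. */
typedef int (*verifier_fn)(const char *user, const char *pass);

static int demo_verifier(const char *user, const char *pass) {
    /* Constructed sample credential, not a real account. */
    return strcmp(user, "alice") == 0 && strcmp(pass, "correct horse") == 0;
}

static int crashing_verifier(const char *user, const char *pass) {
    (void)user; (void)pass;
    abort();                              /* simulates a bug inside the helper */
}

/* Returns 1 only if the child wrote exactly "authorize\n" and exited 0.
 * Crash, garbage, short reply and fork failure all fall through to denial. */
int separated_auth(verifier_fn verify, const char *user, const char *pass) {
    int fds[2];
    if (pipe(fds) == -1) return 0;
    pid_t pid = fork();
    if (pid == -1) { close(fds[0]); close(fds[1]); return 0; }
    if (pid == 0) {                       /* child: performs the check, then exits */
        close(fds[0]);
        const char *msg = verify(user, pass) ? "authorize\n" : "reject\n";
        ssize_t w = write(fds[1], msg, strlen(msg));
        _exit(w == (ssize_t)strlen(msg) ? 0 : 1);
    }
    close(fds[1]);                        /* parent: reads one short reply, nothing else */
    char buf[16] = {0};
    size_t got = 0; ssize_t n;
    while (got < sizeof buf - 1 && (n = read(fds[0], buf + got, sizeof buf - 1 - got)) > 0)
        got += (size_t)n;
    close(fds[0]);
    int status;
    if (waitpid(pid, &status, 0) != pid) return 0;
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) return 0;
    return strcmp(buf, "authorize\n") == 0;
}

int main(void) {
    printf("good password: %d\n", separated_auth(demo_verifier, "alice", "correct horse"));
    printf("bad password:  %d\n", separated_auth(demo_verifier, "alice", "wrong"));
    printf("helper crash:  %d\n", separated_auth(crashing_verifier, "alice", "x"));
    return 0;
}
```

With an in-process module, as in the PAM model, the fault simulated by `crashing_verifier` would terminate the requesting program itself; here it only produces a denial.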
See also
* Name Service Switch
* Pluggable Authentication Modules

External links
* authenticate(3), OpenBSD manual page: simplified interface to the BSD Authentication system
* bsd_auth(3), OpenBSD manual page: interface to the BSD Authentication system
Wikimedia Foundation. 2010.