BSD Authentication

BSD Authentication, otherwise known as BSD Auth, is an authentication framework and software API employed by some Unix-like operating systems, specifically OpenBSD and BSD/OS, and accompanying system and application software such as OpenSSH and Apache. It originated with BSD/OS and although the specification and implementation were donated to the FreeBSD project by BSDi, ultimately OpenBSD chose to adopt the framework in release 2.9. Pluggable Authentication Modules (PAM) serves a similar purpose on other operating systems such as Linux, FreeBSD and NetBSD.

BSD Auth performs authentication by executing scripts or programs as separate processes from the one requiring the authentication. This prevents the child authentication process from interfering with the parent except through a narrowly defined inter-process communication API, a technique inspired by the principle of least privilege and known as "privilege separation". This behaviour has significant security benefits, notably improved fail-safeness of software, and robustness against malicious and accidental software bugs [Niels Provos (CITI, University of Michigan), Markus Friedl (GeNUA mbH) and Peter Honeyman (CITI, University of Michigan), "Preventing Privilege Escalation", Proceedings of the 12th USENIX Security Symposium, 2003, pp. 231–242, http://www.usenix.org/events/sec03/tech/provos_et_al.html]. PAM uses an alternative system where the modules providing authentication are dynamically linked into the requesting process. This method is considered to be more flexible than BSD Auth [citation needed], but does not provide privilege separation without additional configuration.
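
The process-separation model described above, as an added example (not OpenBSD's implementation and not code from the original article): a parent forks an authenticator child and accepts only an explicit verdict read from a pipe, so a crash in the child fails closed. The function names, the demo secret and the one-line `authorize`/`reject` verdict format are assumptions of this example.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Child side: runs in its own process and can reach the parent only via fd.
 * `crash` simulates a bug in the authenticator. All names are hypothetical. */
static void child_authenticate(int fd, const char *secret, int crash) {
    if (crash)
        abort();                         /* simulated fault: no verdict sent */
    /* Demo check against a constructed secret; a real verifier would
     * compare against a stored password hash. */
    const char *verdict = strcmp(secret, "constructed-demo-secret") == 0
        ? "authorize\n" : "reject\n";
    if (write(fd, verdict, strlen(verdict)) < 0)
        _exit(1);
    _exit(0);
}

/* Parent side: returns 1 only if the child exited cleanly AND sent an
 * explicit "authorize" line; every other outcome is treated as a denial. */
int separated_auth(const char *secret, int crash) {
    int p[2];
    if (pipe(p) == -1)
        return 0;
    pid_t pid = fork();
    if (pid == -1) {
        close(p[0]);
        close(p[1]);
        return 0;
    }
    if (pid == 0) {                      /* child: keep only the write end */
        close(p[0]);
        child_authenticate(p[1], secret, crash);
    }
    close(p[1]);                         /* parent: keep only the read end */
    char buf[32] = {0};
    ssize_t n = read(p[0], buf, sizeof buf - 1);
    close(p[0]);
    int status;
    if (waitpid(pid, &status, 0) == -1)
        return 0;
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return 0;                        /* killed by signal or error exit */
    return n > 0 && strcmp(buf, "authorize\n") == 0;
}

int main(void) {
    return separated_auth("constructed-demo-secret", 0) ? 0 : 1;
}
```

With a dynamically linked module, as in the PAM model, the same simulated fault would occur inside the requesting process itself rather than in a disposable child.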

See also

* Name Service Switch
* Pluggable Authentication Modules

External links

* authenticate(3), OpenBSD manual page: simplified interface to the BSD Authentication system
* bsd_auth(3), OpenBSD manual page: interface to the BSD Authentication system


Wikimedia Foundation. 2010.
