资源描述:
《1 pluggable authentication module for windows ntnew》由会员上传分享,免费在线阅读,更多相关内容在教育资源-天天文库。
1、PluggableAuthenticationModuleforWindowsNTNaomaruItoiPeterHoneymanCenterforInformationTechnologyIntegrationUniversityofMichiganAnnArborAbstractTomeetthechallengeofintegratingnewmethodsandtechnologiesintotheInternetsecurityframework,itisusefultohidelow-
2、levelauthenticationmechanismsfromapplicationprogrammers,systemadministrators,andusers,replacingthemwithabstractionsatahigherlevel.ThePluggableAuthenticationMethodapproachpopularinLinux,Solaris,andCDEoffersonesuchabstraction.ToimplementPAMinNT,wereplac
3、edthestandardGraphicalIdentificationandAuthenticationmodulewithonethatprocessesPAMtables.Thisprovidessecurityadministratorswithaflexibletooltoplanandimplementauthenticationpolicyacrossawiderangeofcomputingplatforms.GINAiswovenintotheNTlogonprocedure,m
4、akingitadifficultmoduletotestanddebug.OurPAM-basedGINAsolvesthisproblembyallowingauthenticationmechanismstobereplacedandtestedwithoutforcingareboot.1IntroductionSecuritytechnologiesareconstantlyevolvingtomeetthedemandsofInternetservices.Forexample,net
5、workauthenticationprotocolssuchasKerberos[SNS88,KNT91],andNetware4.0[REF]undergoperiodicrevisiontomeetnewchallenges.Similarly,thebasisofsecureauthenticationevolves,replacingpassword-basedmethodswithonesthatdependonsmartcardsorbiometrics.Tomeetthechall
6、engeofintegratingnewmethodsandtechnologiesintotheInternetsecurityframework,itisusefultohidelow-levelauthenticationmechanisms(orAMs)fromapplicationprogrammers,systemadministrators,andusers,replacingthemwithabstractionsatahigherlevel.Thisallowstheunderl
7、yingmechanismstobereplacedasneededwithoutchangingAPIs,documentation,orthe“userexperience.”ThePluggableAuthenticationModule(PAM)frameworkprovidesanattractiveabstractionforuseridentificationandauthentication.PAMdefinesagenericAPIforauthenticationmechani
8、sms,hidingtheunderlyingmechanisms.Thisprovidesforeasyreplacementofauthenticationcomponentsandoffersanattractivesolutiontothe“singlesign-on”problemforusers[SS95PAMisimplementedinLinux,Solaris,andtheCommonDesktopEnvironment(CDE),andisadefactosta