The open source community has mastered many challenges and has been successful in numerous areas. However, there is one glaring weakness that needs to be remedied. Without progress in this area, open source in the enterprise will always play second fiddle to Microsoft, Novell, and other corporate computing entities.

What is this critical weakness? Lack of support for Internet Explorer and MS Office? Hardware compatibility issues? Retraining users? The critical weakness relates to a very basic function of any network operating system. That weakness is the lack of a standardized, secure, interoperable network authentication system. This is a very real stumbling block to the adoption of open source in the enterprise.

“A stock *BSD or GNU/Linux system has hundreds of security tools! Compared to Windows XP, my open source workstation is more secure, has more security tools, and is infinitely more flexible! What about S/KEY, Kerberos, OpenLDAP, IPSec, OpenSSL, OpenSSH, RADIUS, PAM, GnuPG, and Samba 3?”

By default, your system uses flat files. It does not use secure, network-based authentication.

“But that can be installed and configured!” you say.

Sure it can, but it always ends up being a customized, site-specific solution that requires lots of time and effort to test, document, set up, and maintain. Making multiple Linux distributions and Unices work together is a time-consuming nightmare.

Do organizations typically do lots of in-house development work to make sure that web browsers and web servers on their intranets can talk to each other? Do they develop custom routing protocols for their internal networks? So why do we put up with this for network authentication?

IT managers want to be able to install servers and desktop client machines on their network that securely authenticate users against a centralized database. This should be a straightforward procedure. Until there is a standardized, interoperable, community and industry supported network authentication system included with most open source operating systems, Microsoft will continue to rule the enterprise.

There are two issues that need to be solved in a network authentication system for Unix-like operating systems:

Global naming has to do with storing globally unique UIDs, GIDs, usernames, groupnames, and other network-wide information such as a user’s login directory and preferred shell. This can be handled by protocols like Hesiod, LDAP, and NIS/NIS+. This data is sometimes called directory information.

Authentication is the process of actually allowing (or not allowing) a user to log in to a host or access a resource. Authentication can be handled by many protocols, including TACACS+, RADIUS, and Kerberos. In addition, authentication systems should be able to log authentication transactions.

For the remainder of this article, “network authentication system” will refer to both naming and authentication, since both are necessary to log in to Unix-like systems and to access resources.

Microsoft, Novell, Sun, and Apple already support unified network authentication, and have been doing this for a long time. As long as you exclusively use the vendor’s proprietary system, all of your hosts will play together nicely. Microsoft, Sun, and Apple can utilize Kerberos and LDAP in their current systems. Novell is working on a Kerberos interface to their successful eDirectory system, and they can already authenticate Linux hosts to eDirectory via LDAP.

What we need is a system that is standardized to the point that any GNU/Linux or *BSD based system can be easily configured to use a standard network authentication scheme. I should be able to configure any common open source operating system to use centralized naming and authentication services after editing no more than two config files.

In the Linux world, there are the Filesystem Hierarchy Standard (FHS) and the Linux Standard Base (LSB). These standards help all distributions work together nicely, and make life easier for application developers. Shouldn’t we have a standardized network authentication system? Having such a system would give IT managers more choices, prevent vendor lock-in, and make life easier for administrators and users.

For example, let us look at OpenSSH. OpenSSH runs on almost any Unix-like host, binary packages are available for most operating systems, and it allows terminal communication and file transfer between any two hosts. It is used as secure transport for an amazing number of protocols and applications.