Page 230 - DCAP311_DCAP607_WIRELESS_NETWORKS

Wireless Networks




Notes  In a similar fashion, a system administrator can use authentication load module names for the SYSTEM attribute.

Example: When the SYSTEM attribute is set to SYSTEM=KRB5files OR compat, the AIX host will first try a Kerberos flow for authentication and, if it fails, will then try standard AIX authentication.

SYSTEM and registry attributes are always stored on the local file system in the /etc/security/user file. If an AIX user is defined in LDAP and the SYSTEM and registry attributes are set accordingly, then the user will have an entry in the /etc/security/user file. The SYSTEM and registry attributes of a user can be changed using the chuser command. Acceptable tokens for the SYSTEM attribute can be defined in the /usr/lib/security/methods.cfg file.




Notes  The root user is always authenticated by means of the local system security file. The SYSTEM attribute entry for the root user is specifically set to SYSTEM=compat in the /etc/security/user file.


Alternative methods of authentication are integrated into the system by means of the SYSTEM attribute that appears in /etc/security/user. For instance, the Distributed Computing Environment (DCE) requires password authentication but validates these passwords in a manner different from the encryption model used in /etc/passwd and /etc/security/passwd. Users who authenticate by means of DCE can have their stanza in /etc/security/user set to SYSTEM=DCE.

Other SYSTEM attribute values are compat, files, and NONE. The compat token is used when name resolution (and subsequent authentication) follows the local database, and if no resolution is found, the Network Information Services (NIS) database is tried. The files token specifies that only local files are to be used during authentication. Finally, the NONE token turns off method authentication. To turn off all authentication, the NONE token must appear in both the SYSTEM and auth1 lines of the user's stanza.
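As an added illustration (not part of the course text), the following Python script parses the stanza format of /etc/security/user described above and audits the SYSTEM attribute: it reports users whose SYSTEM and auth1 lines are both NONE (authentication turned off) and a root stanza whose SYSTEM is not compat, resolving values through the default stanza the way AIX does. The sample file content and user names are constructed.

```python
import re

# Constructed sample in the stanza format of /etc/security/user (not a real file).
SAMPLE_USER_FILE = """\
default:
        SYSTEM = "compat"
        auth1 = SYSTEM
root:
        admin = true
        SYSTEM = "compat"
alice:
        SYSTEM = "KRB5files OR compat"
        registry = KRB5files
kiosk:
        SYSTEM = "NONE"
        auth1 = NONE
bob:
        auth1 = NONE
"""
_STANZA = re.compile(r"^(\w+):\s*$")               # "name:" opens a stanza
_ATTR = re.compile(r"^\s+(\w+)\s*=\s*(.*?)\s*$")   # indented "attr = value"

def parse_stanzas(text):
    """Return {stanza: {attr: value}}; lines starting with '*' are AIX comments."""
    stanzas, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("*"):
            continue
        if m := _STANZA.match(line):
            current = stanzas.setdefault(m.group(1), {})
        elif (m := _ATTR.match(line)) and current is not None:
            current[m.group(1)] = m.group(2).strip('"')
    return stanzas

def effective(stanzas, user, attr):
    """Per-user value, falling back to the default stanza as AIX does."""
    return stanzas.get(user, {}).get(attr, stanzas.get("default", {}).get(attr))

def audit(text):
    """Flag users with authentication off (SYSTEM and auth1 both NONE) and root not on compat."""
    stanzas, findings = parse_stanzas(text), []
    for user in (u for u in stanzas if u != "default"):
        system = effective(stanzas, user, "SYSTEM")
        auth1 = effective(stanzas, user, "auth1")
        if system == "NONE" and auth1 == "NONE":
            findings.append(f"{user}: authentication disabled (SYSTEM and auth1 are NONE)")
        if user == "root" and system != "compat":
            findings.append(f"root: SYSTEM is {system!r}, expected compat")
    return findings
```

Running `audit(SAMPLE_USER_FILE)` flags only kiosk: bob has auth1 = NONE but inherits SYSTEM=compat from the default stanza, so authentication is not fully off for that user.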






                                   14.1.2 Creating Strong User Authentication

The most common solution approaches that are used today involve, in more generalized terms, various forms of enhanced shared-secret and/or multifactor authentication.

Enhanced shared-secret authentication refers to extensions of conventional knowledge-based (single-factor) authentication—for example, additional passwords, site keys, preregistered graphical icons to support mutual authentication, challenge-response, randomized code selections that are based on input patterns, CAPTCHA, and so on.

Multifactor authentication refers to a compound implementation of two or more classes of human-authentication factors:

- Something known only to the user—Knowledge-based (for example, password, passphrase, shared secrets, account details and transaction history, PIN, CAPTCHA, and so on).


          224                              LOVELY PROFESSIONAL UNIVERSITY