Security in Plan 9 ABSTRACT. and. factotum Factotum. Factotum. 1. Introduction. security. Proc. of the 2002 Usenix Security Symposium,
|
|
- Brooke Watts
- 7 years ago
- Views:
Transcription
1 Security in Plan 9 Russ Cox, MIT LCS Eric Grosse, Bell Labs Rob Pike, Bell Labs Dave Presotto, Avaya Labs and Bell Labs Sean Quinlan, Bell Labs {rsc,ehg,rob,presotto,seanq}@plan9.bell labs.com ABSTRACT and factotum Factotum Factotum 1. Introduction security Proc. of the 2002 Usenix Security Symposium,
2 factotum factotum factotum factotum factotum factotum secstore 2. An Agent for Security
3 F T F C P T P C F F P F F X factotum P X factotum Secstore factotum factotum factotum factotum Factotum /mnt/factotum factotum factotum 2.1. Logging in gre factotum factotum \n
4 factotum user[none]: gre factotum!adding key: dom=cs.bell labs.com proto=p9sk1 user[gre]: \n password: ****!Adding key: proto=apop server=plan9.bell labs.com user[gre]: \n password: **** Factotum gre user[none]: gre secstore password: ********* STA PIN+SecurID: ********* gre factotum 2.2. The factotum host owner root factotum factotum factotum cpu P T cpu P C cpu P C P T factotums P T P C P T P C factotum F T F C factotum
5 factotum factotum factotum /mnt/factotum factotum factotum factotum factotum factotum factotum factotum factotum 2.3. Local capabilities factotum /dev/caphash /dev/capuse /dev/caphash Factotum factotum string random string /dev/caphash Factotum userid1 /dev/capuse userid1 userid2 factotum 2.4. Keys key
6 Factotum attribute=value attribute value dom=bell labs.com proto=p9sk1 user=gre!password= don t tell proto=apop server=x.y.com user=gre!password= open sesame! secret Factotum query attribute=value attribute? server=x.y.com proto=apop factotum user!password server=x.y.com proto=apop user?!password? Factotum proto!password factotum server proto user password server
7 2.5. Protecting keys factotum factotum user!password proto=pass /proc factotum Factotum /proc /proc private factotum private /proc/pid/ctl factotum /proc /dev/kmem noswap /proc private noswap factotum dossrv noswap factotum confirm confirm factotum 2.6. Factotum transactions factotum key delkey /mnt/factotum/ctl Key Delkey ctl
8 % cd /mnt/factotum % ls l lrw gre gre 0 Jan 30 22:17 confirm rw gre gre 0 Jan 30 22:17 ctl lr gre gre 0 Jan 30 22:17 log lrw gre gre 0 Jan 30 22:17 needkey r r r gre gre 0 Jan 30 22:17 proto rw rw rw gre gre 0 Jan 30 22:17 rpc % cat >ctl key dom=bell labs.com proto=p9sk1 user=gre!password= don t tell key proto=apop server=x.y.com user=gre!password= bite me ^D % cat ctl key dom=bell labs.com proto=p9sk1 user=gre key proto=apop server=x.y.com user=gre % echo delkey proto=apop >ctl % cat ctl key dom=bell labs.com proto=p9sk1 user=gre % l rpc factotum rpc transaction ok start read write authinfo attr start rpc P C factotum F C P S factotum F S factotum x.y.com factotum P S F S : start proto=apop role=server F S P S : ok P S F S : read F S P S : ok +OK POP3 challenge P S P C : +OK POP3 challenge factotum
9 P C F C : start proto=apop role=client server=x.y.com F C P C : ok P C F C : write +OK POP3 challenge F C P C : ok P C F C : read F C P C : ok APOP gre response Factotum start proto role start factotum start proto=apop server=x.y.com user!password factotum P C P S : APOP gre response factotum P S F S : write APOP gre response F S P S : ok P S F S : read F S P S : ok +OK welcome P S P C : +OK welcome P S F S : authinfo F S P S : ok client=gre capability=capability authinfo attr=value attr=value factotum confirm confirm= confirm confirm tag=1 attributes tag=1 answer=yes answer=no needkey start factotum
10 F C P C : needkey proto=apop server=x.y.com user?!password? ctl start needkey /mnt/factotum/needkey needkey tag=1 attributes ctl tag=1 proto cat /mnt/factotum/proto log debug factotum 3. Authentication in 9P authentication file fauth afd = fauth(int fd, char *servicename); fd servicename afd afd factotum afd mount
11 afd mount mount(int fd, int afd, char *mountpoint, int flag, char *servicename) mount factotum afd a priori 3.1. Plan 9 shared key protocol factotum P9sk1 C S nonce C S C nonce S uid S domain S C A A C nonce S uid S domain S uid C factotum C K C nonce S uid C uid S K n K S nonce S uid C uid S K n C S S C K S nonce S uid C uid S K n K n nonce S counter K n nonce C counter K x x K nonce S K S uid C uid S K n K n nonce S counter K n uid C K n nonce C counter K n uid S
12 3.2. The authentication server keyfs authsrv Keyfs key secret log expire status disabled key secret Authsrv authsrv C S nonce C S C nonce S uid S domain S C A nonce S uid S domain S hostid C uid C A C K C nonce S uid C uid S K n K S nonce S uid C uid S K n C S K S nonce S uid C uid S K n K n nonce S S C K n nonce C C A A C C A A C uid C K c K n K n password old password new OK 3.3. Protocol negotiation p9any v.n n proto k factotum domain k
13 OK factotum 4. Library Interface to Factotum factotum fauth mount afd factotum afd amount fauth mount Amount factotum afd int amount(int fd, char *mntpt, int flags, char *aname) { int afd, ret; AuthInfo *ai; } afd = fauth(fd, aname); if(afd >= 0){ ai = auth_proxy(afd, amount_getkey, "proto=p9any role=client"); if(ai!= NULL) auth_freeai(ai); } ret = mount(fd, afd, mntpt, flags, aname); if(afd >= 0) close(afd); return ret; fd open dial factotum auth_proxy p9any client Auth_proxy factotum afd AuthInfo mount afd. fauth
14 auth_proxy amount_getkey factotum key /mnt/factotum/ctl auth_proxy printf cpu cpu exportfs cpu exportfs cpu factotum /* client */ int p9auth(int fd) { AuthInfo *ai; ai = auth_proxy(fd, auth_getkey, "proto=p9any role=client"); if(ai == NULL) return 1; } /* start cpu protocol here */ /* server */ int srvp9auth(int fd, char *user) { AuthInfo *ai; } ai = auth_proxy(fd, NULL, "proto=p9any role=server"); if(ai == NULL) return 1; /* set user id for server process */ if(auth_chuid(ai, NULL) < 0) return 1; /* start cpu protocol here */ Auth_chuid caphash capuse auth_getkey NULL
15 5. Secure Store Factotum factotum /mnt/factotum/ctl secstore key file Secstore factotum secstore C S C g x H S C S g y hash g xy C S C S hash g xy S C H C S C S secstore secstore secstore secstore H secstore H factotum secstore secstore
16 6. Transport Layer Security int pushtls(int fd, char *hashalg, char *cryptalg, int isclient, char *secret, char *dir); pushtls dir cpu exportfs pushtls int tlsclient(int fd, TLSconn *conn) pushtls conn 7. Related Work and Discussion
17 Factotum factotum O n factotum O n rlogind telnetd ftpd sshd Factotum Factotum none nobody factotum su login secstore secstore secstore
18 write sslwrite 8. Conclusion root Factotum labs.com/plan9 Acknowledgments secstore References
19 passsafe.html Kerberos Appendix: Summary of the PAK protocol q> p> p = rq + r q h Z * p g h r C H H C r H H Z * p H p H S x m g x H C m m p y g y mh y S k sha1 C S m H = x k k sha1 C S m H k K sha1 C S m H S H
Security in Plan 9. Russ Cox, MIT LCS Eric Grosse, Bell Labs Rob Pike, Bell Labs Dave Presotto, Avaya Labs and Bell Labs Sean Quinlan, Bell Labs
Security in Plan 9 Russ Cox, MIT LCS Eric Grosse, Bell Labs Rob Pike, Bell Labs Dave Presotto, Avaya Labs and Bell Labs Sean Quinlan, Bell Labs rsc,ehg,rob,presotto,seanq @ plan9.bell labs.com What comprises
More informationPlan 9 Authentication in Linux
Plan 9 Authentication in Linux Ashwin Ganti University of Illinois at Chicago aganti@cs.uic.edu ABSTRACT This paper talks about the implementation of the Plan 9 authentication mechanisms for Linux. As
More informationPersistent 9P Sessions for Plan 9
Persistent 9P Sessions for Plan 9 Gorka Guardiola, paurea@gmail.com Russ Cox, rsc@swtch.com Eric Van Hensbergen, ericvh@gmail.com ABSTRACT Traditionally, Plan 9 [5] runs mainly on local networks, where
More informationUSING MYWEBSQL FIGURE 1: FIRST AUTHENTICATION LAYER (ENTER YOUR REGULAR SIMMONS USERNAME AND PASSWORD)
USING MYWEBSQL MyWebSQL is a database web administration tool that will be used during LIS 458 & CS 333. This document will provide the basic steps for you to become familiar with the application. 1. To
More informationHow To Use Kerberos
KERBEROS 1 Kerberos Authentication Service Developed at MIT under Project Athena in mid 1980s Versions 1-3 were for internal use; versions 4 and 5 are being used externally Version 4 has a larger installed
More informationImplementing Union Filesystem as a 9P2000 File Server
Implementing Union Filesystem as a 9P2000 File Server Latchesar Ionkov Los Alamos National Laboratory lionkov@lanl.gov ABSTRACT This paper describes the design and implementation of a 9P2000 file server
More informationMinimum Requirements for Integrating Services with Central Authentication Version 1.0 December 2008
Minimum Requirements for Integrating Services with Central Authentication Version 1.0 December 2008 To better safeguard the University s data and resources, the IT Security Office requires the following
More informationWeb Security (SSL) Tecniche di Sicurezza dei Sistemi 1
Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1 How the Web Works - HTTP Hypertext transfer protocol (http). Clients request documents (or scripts) through URL. Server response with documents. Documents
More informationAuthorize.net modules for oscommerce Online Merchant.
Authorize.net Authorize.net modules for oscommerce Online Merchant. Chapters oscommerce Online Merchant v2.3 Copyright Copyright (c) 2014 oscommerce. All rights reserved. Content may be reproduced for
More informationStarWind iscsi SAN Software: Challenge-Handshake Authentication Protocol (CHAP) for Authentication of Users
StarWind iscsi SAN Software: Challenge-Handshake Authentication Protocol (CHAP) for Authentication of Users www.starwindsoftware.com Copyright 2008-2011. All rights reserved. COPYRIGHT Copyright 2008-2011.
More informationIntroduction to Linux (Authentication Systems, User Accounts, LDAP and NIS) Süha TUNA Res. Assist.
Introduction to Linux (Authentication Systems, User Accounts, LDAP and NIS) Süha TUNA Res. Assist. Outline 1. What is authentication? a. General Informations 2. Authentication Systems in Linux a. Local
More informationUsing etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
More informationTo integrate Oracle Application Server with Active Directory follow these steps.
Active Directory to Oracle Internet Directory (OID) Integration To integrate Oracle Application Server with Active Directory follow these steps. Active Directory Synchronization 1. The ability to connect
More informationUsing LDAP Authentication in a PowerCenter Domain
Using LDAP Authentication in a PowerCenter Domain 2008 Informatica Corporation Overview LDAP user accounts can access PowerCenter applications. To provide LDAP user accounts access to the PowerCenter applications,
More informationSmart Card Authentication. Administrator's Guide
Smart Card Authentication Administrator's Guide October 2012 www.lexmark.com Contents 2 Contents Overview...4 Configuring the applications...5 Configuring printer settings for use with the applications...5
More informationHow To Configure the Oracle ZFS Storage Appliance for Quest Authentication for Oracle Solaris
How To Configure the Oracle ZFS Storage Appliance for Quest Authentication for Oracle Solaris January 2014; v1.3 By Andrew Ness This article describes how to configure Quest Authentication Services in
More informationCreating an LDAP Directory
Systems and Network Management 1 Background Creating an LDAP Directory The ldap protocol is a standard for network directories. Some proprietary directory servers have been based on ldap, for example,
More informationApplication Notes for snom 3x0 VoIP Phones with Avaya IP Office Issue 1.0
Avaya Solution & Interoperability Test Lab Application Notes for snom 3x0 VoIP Phones with Avaya IP Office Issue 1.0 Abstract These Application Notes describe the configuration steps required for snom
More informationQualtrics Single Sign-On Specification
Qualtrics Single Sign-On Specification Version: 2010-06-25 Contents Introduction... 2 Implementation Considerations... 2 Qualtrics has never been used by the organization... 2 Qualtrics has been used by
More informationHere is a quick diagram of the ULV SSO/Sync Application. Number 3 is what we deal with in this document.
University of La Verne Single-SignOn Project How this Single-SignOn thing is built, the requirements, and all the gotchas. Kenny Katzgrau, August 25, 2008 Contents: Pre-requisites Overview of ULV Project
More informationSecure Authentication and Session. State Management for Web Services
Lehman 0 Secure Authentication and Session State Management for Web Services Clay Lehman CSC 499: Honors Thesis Supervised by: Dr. R. Michael Young Lehman 1 1. Introduction Web services are a relatively
More informationConfiguring Avaya 1120E, 1140E, 1220 and 1230 IP Deskphones with Avaya IP Office Release 6.1 Issue 1.0
Avaya Solution & Interoperability Test Lab Configuring Avaya 1120E, 1140E, 1220 and 1230 IP Deskphones with Avaya IP Office Release 6.1 Issue 1.0 Abstract These Application Notes describe a solution comprised
More informationSoftwarePlanner Active Directory Authentication
User s Guide SoftwarePlanner Active Directory Authentication This document provides an explanation of using Active Directory with SoftwarePlanner. 1 Narrative In some situations, it may be preferable to
More informationFossil an archival file server
Fossil an archival file server Russ Cox rsc@mit.edu PDOS Group Meeting January 7, 2003 http://pdos/~rsc/talks History... Cached WORM file server (Quinlan and Thompson): active file system on magnetic disk
More informationConfiguring IBM Cognos Controller 8 to use Single Sign- On
Guideline Configuring IBM Cognos Controller 8 to use Single Sign- On Product(s): IBM Cognos Controller 8.2 Area of Interest: Security Configuring IBM Cognos Controller 8 to use Single Sign-On 2 Copyright
More informationSalesJunction.com. Sales Force Automation & CRM. SJAPI Guide
SalesJunction.com Sales Force Automation & CRM SJAPI Guide Table of Contents API Essentials 2 AddAcct.asp 2 AddAct.asp 3 AddCont.asp 3 AddOpp.asp 4 FindContacts.asp 4 FindContacts_ViaEmail.asp 5 GetAcct.asp
More informationYour Question. Net Report Answer
Your Question Article: 00120 Question: How to Configure External Authentication for Net Report Web Portal Net Report Answer Introduction Security devices can be used to control access to network resources.
More informationFirewall Troubleshooting
Firewall Troubleshooting (Checkpoint Specific) For typical connectivity issues where a firewall is in question follow these steps to eliminate any issues relating to the firewall. Firewall 1. From the
More informationLDAP (Lightweight Directory Access Protocol)
(Lightweight Directory Access Protocol) Machines included: HL-4040CN HL-4050CDN HL-4070CDW DCP-9040CN DCP-9045CDN MFC-9440CN MFC-9840CDW DCP-8060 DCP-8065DN MFC-8460N MFC-8860DN MFC-8870DW Contents 1)
More informationSecure Shell SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt,
Secure Shell SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt, authenticate, and compress transmitted data. The main
More informationClient Installation Guide. Version 6.0 SP1
Client Installation Guide Version 6.0 SP1 2013 Pitney Bowes Software Inc. All rights reserved. This document may contain confidential and proprietary information belonging to Pitney Bowes Inc. and/or its
More informationProgramming NDS with NetWare Loadable Modules (NLMs), Part 2
M A Y 2 0 0 0 N O V E L L R E S E A R C H Programming NDS with NetWare Loadable Modules (NLMs), Part 2... Adapted from a DeveloperNet University Tutorial Part 1 of this article, published in the April
More informationUsing Network Attached Storage with Linux. by Andy Pepperdine
Using Network Attached Storage with Linux by Andy Pepperdine I acquired a WD My Cloud device to act as a demonstration, and decide whether to use it myself later. This paper is my experience of how to
More informationTransport Layer Security Protocols
SSL/TLS 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known
More informationGuide to SASL, GSSAPI & Kerberos v.6.0
SYMLABS VIRTUAL DIRECTORY SERVER Guide to SASL, GSSAPI & Kerberos v.6.0 Copyright 2011 www.symlabs.com Chapter 1 Introduction Symlabs has added support for the GSSAPI 1 authentication mechanism, which
More information15 AFS File Sharing. Client/Server Computing. Distributed File Systems
15 AFS File Sharing Adapted from the Open AFS Guide, http://openafs.org/doc/ AFS makes it easy for people to work together on the same files, no matter where the files are located. AFS users do not have
More information1 Attack Top Attackers Report, Top Targets Report, Top Protocol Used by Attack Report, Top Attacks Report, Top Internal Attackers Report, Top External Attackers Report, Top Internal Targets Report, Top
More informationHow-to: Single Sign-On
How-to: Single Sign-On Document version: 1.02 nirva systems info@nirva-systems.com nirva-systems.com How-to: Single Sign-On - page 2 This document describes how to use the Single Sign-On (SSO) features
More informationAdvanced Audit Policy Configurations for LT Auditor+ Reference Guide
Advanced Audit Policy Configurations for LT Auditor+ Reference Guide Contents WINDOWS AUDIT POLICIES REQUIRED FOR LT AUDITOR+....3 ACTIVE DIRECTORY...3 Audit Policy for the Domain...3 Advanced Auditing
More informationConfiguring a Check Point FireWall-1 to SOHO IPSec Tunnel
Configuring a Check Point FireWall-1 to SOHO IPSec Tunnel This document describes the procedures required to configure an IPSec VPN tunnel between a WatchGuard SOHO or SOHO tc and a Check Point FireWall-1.
More informationMessaging API. API Specification Document Messaging API. Functionality: Send SMS Messages.
Functionality: Send SMS Messages. This gateway can be accessed via the HTTP or HTTPs Protocol by submitting values to the API server and can be used to send simple text messages to single or multiple mobile
More informationPortals and Hosted Files
12 Portals and Hosted Files This chapter introduces Progress Rollbase Portals, portal pages, portal visitors setup and management, portal access control and login/authentication and recommended guidelines
More information15-412. Factotum Sep. 23, 2013
15-412 Factotum Sep. 23, 2013 Dave Eckhardt 1 Factotum Left Out (of P9/9P Lecture) The whole authentication thing There is an auth server much like a Kerberos KDC There is an authentication fle system
More informationHow to move email to your new @students.ecu.edu account with MAC Mail
How to move email to your new @students.ecu.edu account with MAC Mail 1. Open Mail, and then do one of the following: If you've never set up any e mail accounts using Mail, the Welcome to Mail page appears.
More informationFreeRADIUS Install and Configuration. Joel Jaeggli 05/04/2006
FreeRADIUS Install and Configuration Joel Jaeggli 05/04/2006 What is RADIUS? A AAA protocol (Authentication, Authorization and Accounting). Authentication Confirmation that the user is who they say they
More informationUse Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W
Article ID: 5037 Use Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W Objective IPSec VPN (Virtual Private Network) enables you to securely obtain remote resources by establishing
More informationOverview of Web Services API
1 CHAPTER The Cisco IP Interoperability and Collaboration System (IPICS) 4.5(x) application programming interface (API) provides a web services-based API that enables the management and control of various
More informationJPMorgan Chase Treasury Workstation. Certification Setup Guide Version 2.0
EMENTS JPMorgan Chase Treasury Workstation Certification Setup Guide Version 2.0 December 2010 TABLE OF CONTENTS Introduction... 1 About this Guide... 1 When to Create the Certificates... 2 Getting Help...
More informationSHAD: A Human-Centered Security Architecture
SHAD: A Human-Centered Security Architecture for the Plan B Operating System Enrique Soriano, Francisco J. Ballesteros, and Gorka Guardiola Laboratorio de Sistemas Universidad Rey Juan Carlos Madrid, Spain.
More informationCriteria for web application security check. Version 2015.1
Criteria for web application security check Version 2015.1 i Content Introduction... iii ISC- P- 001 ISC- P- 001.1 ISC- P- 001.2 ISC- P- 001.3 ISC- P- 001.4 ISC- P- 001.5 ISC- P- 001.6 ISC- P- 001.7 ISC-
More informationCIDR Range Subnet Mask 85.115.32.0/19 85.115.32.0-85.115.63.255 85.115.32.0 255.255.224.0
MAC Endpoint Technical Overview Overview Websense MAC Web Endpoint is designed to provide a seamless experience to end users for authenticating and directing traffic to the Websense Cloud Security infrastructure.
More informationConfigure the Application Server User Account on the Domain Server
How to Set up Kerberos Summary This guide guide provides the steps required to set up Kerberos Configure the Application Server User Account on the Domain Server The following instructions are based on
More informationLiberty Alliance. CSRF Review. .NET Passport Review. Kerberos Review. CPSC 328 Spring 2009
CSRF Review Liberty Alliance CPSC 328 Spring 2009 Quite similar, yet different from XSS Malicious script or link involved Exploits trust XSS - exploit user s trust in the site CSRF - exploit site s trust
More informationIPsec VPN Application Guide REV: 1.0.0 1910010876
IPsec VPN Application Guide REV: 1.0.0 1910010876 CONTENTS Chapter 1. Overview... 1 Chapter 2. Before Configuration... 2 Chapter 3. Configuration... 5 3.1 Configure IPsec VPN on TL-WR842ND (Router A)...
More informationINTEGRATION GUIDE. DIGIPASS Authentication for Juniper SSL-VPN
INTEGRATION GUIDE DIGIPASS Authentication for Juniper SSL-VPN Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO Data
More informationActive Directory Requirements and Setup
Active Directory Requirements and Setup The information contained in this document has been written for use by Soutron staff, clients, and prospective clients. Soutron reserves the right to change the
More informationEmail setup information for most domains hosted with InfoRailway.
Email setup information for most domains hosted with InfoRailway. Incoming server (POP3): pop.secureserver.net port 995 (SSL) Incoming server (IMAP): imap.secureserver.net port 993 (SSL) Outgoing server
More information/ Preparing to Manage a VMware Environment Page 1
Configuring Security for a Managed VMWare Enviroment in VMM Preparing to Manage a VMware Environment... 2 Decide Whether to Manage Your VMware Environment in Secure Mode... 2 Create a Dedicated Account
More informationE-Mail: SupportCenter@uhcl.edu Phone: 281-283-2828 Fax: 281-283-2969 Box: 230 http://www.uhcl.edu/uct
A VPN (Virtual Private Network) provides a secure, encrypted tunnel from your computer to UHCL's network when off campus. UHCL offers VPN software to allow authenticated, secure access to many UHCL resources
More informationE-Mail: SupportCenter@uhcl.edu Phone: 281-283-2828 Fax: 281-283-2969 Box: 230 http://www.uhcl.edu/uct
A VPN (Virtual Private Network) provides a secure, encrypted tunnel from your computer to UHCL's network when off campus. UHCL offers VPN software to allow authenticated, secure access to many UHCL resources
More informationOpenSMTPD: we deliver
OpenSMTPD: we deliver Giovanni Bechis LinuxCon Europe 2015 About Me sys admin and developer @SNB OpenBSD developer Open Source developer in several other projects OpenSMTPD story
More informationAuthentication Types. Password-based Authentication. Off-Line Password Guessing
Authentication Types Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4:
More informationEnterprise Knowledge Platform 5.6
Enterprise Knowledge Platform 5.6 LDAP Authentication Integration Configuration Guide Document Information Document ID: EN151 Document title: EKP LDAP Authentication Integration Configuration Guide Version:
More informationSetting up single signon with Zendesk Remote Authentication
Setting up single signon with Zendesk Remote Authentication Zendesk Inc. 2 Zendesk Developer Library Introduction Notice Copyright and trademark notice Copyright 2009 2013 Zendesk, Inc. All rights reserved.
More informationRemote Desktop access via Faculty Terminal Server Using Internet Explorer (versions 5.x-7.x)
Remote Desktop access via Faculty Terminal Server Using Internet Explorer (versions 5.x-7.x) Start your Internet Explorer browser and direct it to the faculty home page. Click on the link Remote Access,
More informationAstaro Security Gateway V8. Remote Access via L2TP over IPSec Configuring ASG and Client
Astaro Security Gateway V8 Remote Access via L2TP over IPSec Configuring ASG and Client 1. Introduction This guide contains complementary information on the Administration Guide and the Online Help. If
More informationConfiguring User Identification via Active Directory
Configuring User Identification via Active Directory Version 1.0 PAN-OS 5.0.1 Johan Loos johan@accessdenied.be User Identification Overview User Identification allows you to create security policies based
More informationHow to set mail account on Outlook Express to read and send mail (for CSA/CSD users)
How to set mail account on Outlook Express to read and send mail (for CSA/CSD users) Your CSA/CSD account is also a mail service that enables you to get mail sent to your_username@cs.technion.ac.il, read
More informationConfiguring the Cisco Secure PIX Firewall with a Single Intern
Configuring the Cisco Secure PIX Firewall with a Single Intern Table of Contents Configuring the Cisco Secure PIX Firewall with a Single Internal Network...1 Interactive: This document offers customized
More informationAccessing a Microsoft SQL Server Database from SAS on Microsoft Windows
Accessing a Microsoft SQL Server Database from SAS on Microsoft Windows On Microsoft Windows, you have two options to access a Microsoft SQL Server database from SAS. You can use either SAS/Access Interface
More informationCopyright: WhosOnLocation Limited
How SSO Works in WhosOnLocation About Single Sign-on By default, your administrators and users are authenticated and logged in using WhosOnLocation s user authentication. You can however bypass this and
More informationSmart Card Authentication Client. Administrator's Guide
Smart Card Authentication Client Administrator's Guide April 2013 www.lexmark.com Contents 2 Contents Overview...3 Configuring Smart Card Authentication Client...4 Configuring printer settings for use
More informationCreating a DUO MFA Service in AWS
Amazon AWS is a cloud based development environment with a goal to provide many options to companies wishing to leverage the power and convenience of cloud computing within their organisation. In 2013
More informationLISTSERV LDAP Documentation
LISTSERV LDAP Documentation L Soft Sweden AB 2007 28 November 2007 Overview LISTSERV version 15.5 can interface to LDAP servers to authenticate user logins, to insert LDAP attributes in mail merge distributions
More informationCustomer Tips. Configuring Color Access on the WorkCentre 7328/7335/7345 using Windows Active Directory. for the user. Overview
Xerox Multifunction Devices Customer Tips February 13, 2008 This document applies to the stated Xerox products. It is assumed that your device is equipped with the appropriate option(s) to support the
More informationvcommander will use SSL and session-based authentication to secure REST web services.
vcommander REST API Draft Proposal v1.1 1. Client Authentication vcommander will use SSL and session-based authentication to secure REST web services. 1. All REST API calls must take place over HTTPS 2.
More informationChapter 2 LOGGING INTO LIMS
A. Metaframe Login Chapter 2 LOGGING INTO LIMS Logging into LIMS takes two steps because the LIMS application resides on the FDOT Citrix Metaframe Server. Before you can log into the LIMS application,
More informationSymantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark. For Windows Server 2008 (Domain Member Servers and Domain Controllers)
Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark For Windows Server 2008 (Domain Member Servers and Domain Controllers) Symantec Enterprise Security Manager Baseline Policy
More information2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries
Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application
More informationThe English translation Of MBA Standard 0301
MBA 文 書 0603 号 MBA Document 0603 The English translation Of MBA Standard 0301 MISAUTH Protocol Specification The authoritive specification is Japansese one, MBA Standard 0203 (June 2004). The Protocol
More informationS-911 Bracelet Locator Protocol 1.0 Analyzer. User Manual
Document No.: Document Type: 220-SD-002 (V1.1) Software Design Document S-911 Bracelet Locator Protocol 1.0 Analyzer User Manual Version 1.1 Jan 12, 2011 Copyright 2011 Laipac Technology Inc. Release History
More informationUsing Foundstone CookieDigger to Analyze Web Session Management
Using Foundstone CookieDigger to Analyze Web Session Management Foundstone Professional Services May 2005 Web Session Management Managing web sessions has become a critical component of secure coding techniques.
More informationIntroduction to Operating Systems
Introduction to Operating Systems It is important that you familiarize yourself with Windows and Linux in preparation for this course. The exercises in this book assume a basic knowledge of both of these
More informationOpen Thunderbird. To set up an e-mail account in Thunderbird, from the Tools menu select Account Settings; choose Email account; then click Next.
Server Type: POP3 or IMAP Incoming(POP3 or IMAP) Mail Server: student.ncnm.edu POP3 Port: 995 (SSL) IMAP Port: 993 (SSL) Outgoing(SMTP) Mail Server: student.ncnm.edu SMTP Port: 587 (TLS) (Users must change
More informationColor Screen Phones: SIP-T48G and SIP-T46G with firmware version 73
This document provides detailed information on how to use ACD (automatic call distribution) feature on Yealink IP phones integrated with Star2Star platform. ACD enables organizations to manage a large
More informationWeb Authentication Application Note
What is Web Authentication? Web Authentication Application Note Web authentication is a Layer 3 security feature that causes the router to not allow IP traffic (except DHCP-related packets) from a particular
More informationSSL VPN Portal Options
1. ProSecure UTM Quick Start Guide This quick start guide describes how to use the SSL VPN Wizard to configure SSL VPN portals on the ProSecure Unified Threat Management (UTM) Appliance. The Secure Sockets
More informationGoogle App Engine f r o r J av a a v a (G ( AE A / E J / )
Google App Engine for Java (GAE/J) What is Google App Engine? Google offers a cloud computing infrastructure calledgoogle App Engine(App Engine) for creating and running web applications. App Engine allows
More informationIntegration with Active Directory
VMWARE TECHNICAL NOTE VMware ACE Integration with Active Directory This document explains how to set up Active Directory to use with VMware ACE. This document contains the following topics: About Active
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationHow to Tunnel Remote Desktop using SSH (Cygwin) for Windows XP (SP2)
How to Tunnel Remote Desktop using SSH (Cygwin) for Windows XP (SP2) The ssh server is an emulation of the UNIX environment and OpenSSH for Windows, by Redhat, called cygwin This manual covers: Installation
More informationMessaging with Erlang and Jabber
Messaging with Erlang and Jabber Erlang User Conference '04 21st. October 2004 Mickaël Rémond www.erlang-projects.org What are XMPP and Jabber? XMPP stands for extensible
More informationThe Ubiquitous File Server in Plan 9
The Ubiquitous File Server in Plan 9 C H Forsyth Vita Nuova Limited 3 Innovation Close York Science Park York England YO10 5ZF forsyth@vitanuova.com 20 June 2005 1. Introduction Plan 9 is a distributed
More informationPreparing a SQL Server for EmpowerID installation
Preparing a SQL Server for EmpowerID installation By: Jamis Eichenauer Last Updated: October 7, 2014 Contents Hardware preparation... 3 Software preparation... 3 SQL Server preparation... 4 Full-Text Search
More informationComputer Systems II. Unix system calls. fork( ) wait( ) exit( ) How To Create New Processes? Creating and Executing Processes
Computer Systems II Creating and Executing Processes 1 Unix system calls fork( ) wait( ) exit( ) 2 How To Create New Processes? Underlying mechanism - A process runs fork to create a child process - Parent
More informationFreeBSD Developer Summit TrustedBSD: Audit + priv(9)
FreeBSD Developer Summit TrustedBSD: Audit + priv(9) Robert Watson FreeBSD Project Computer Laboratory University of Cambridge TrustedBSD Audit Quick audit tutorial Adding audit support to new kernel features
More informationTo install Multifront you need to have familiarity with Internet Information Services (IIS), Microsoft.NET Framework and SQL Server 2008.
Znode Multifront - Installation Guide Version 6.2 1 System Requirements To install Multifront you need to have familiarity with Internet Information Services (IIS), Microsoft.NET Framework and SQL Server
More informationCase Study - Configuration between NXC2500 and LDAP Server
Case Study - Configuration between NXC2500 and LDAP Server 1 1. Scenario:... 3 2. Topology:... 4 3. Step-by-step Configurations:...4 a. Configure NXC2500:...4 b. Configure LDAP setting on NXC2500:...10
More informationCreating a Gateway to Client VPN between Sidewinder G2 and a Mac OS X Client
A P P L I C A T I O N N O T E Creating a Gateway to Client VPN between Sidewinder G2 and a Mac OS X Client This application note describes how to set up a VPN connection between a Mac client and a Sidewinder
More informationLab 2 : Basic File Server. Introduction
Lab 2 : Basic File Server Introduction In this lab, you will start your file system implementation by getting the following FUSE operations to work: CREATE/MKNOD, LOOKUP, and READDIR SETATTR, WRITE and
More information