Secure Internet Services (SIS) is an optionally
enabled mechanism that incorporates Kerberos V5 authentication and
authorization for remote access services: ftp, rcp, remsh, rlogin, and telnet.
Secure Internet Services is part of the HP-UX Internet
Services product, which is documented in Using HP-UX Internet
Services at http://www.docs.hp.com/en/netcom.html#Internet%20Services and the following manpages:
sis(5), kinit(1), klist(1), kdestroy(1M), krbval(1M), k5dcelogin(1M), inetsvcs_sec(1M), and inetsvcs(4).
When you run SIS commands, the security is enhanced
because you no longer have to transmit a password in readable form
over the network.
 |
| |
|
 | NOTE: The SIS libraries do not encrypt the session beyond what is
necessary to authorize you or to authenticate the service. Therefore,
these services do not provide integrity checking or encryption services
on the data or on remote services. To encrypt the data, use OpenSSL.
For more information, see the OpenSSL Release Notes: http://docs.hp.com/en/internet.html#OpenSSL. |
|
| |
|
When two systems are operating in a Kerberos V5-based
secure environment, Secure Internet Services ensures that a local
and remote host are identified to each other in a secure and trusted
manner and that the user is authorized to access the remote account.
For ftp/ftpd, rlogin/rlogind, and telnet/telnetd, the Kerberos V5 authentication
mechanism sends encrypted tickets instead of a password over the network
to verify and to identify the user. For rcp/remshd and remsh/remshd, the secure versions of these
services ensure that the user is authorized to access the remote account.
Printable version
