14.5 Other Network Authentication Systems
There are a variety of other systems for providing authentication and
encryption services over an unprotected network that are less widely
used than those discussed in previous sections.
We'll provide only brief summaries of DCE and SESAME
here.
14.5.1 DCE
DCE is the Distributed
Computing Environment distributed by the Open Group. DCE is an
integrated computing environment that provides many services,
including user authentication, remote procedure calls, distributed
file sharing, and configuration management. DCE's
authentication is very similar to Kerberos, and its file sharing is
very similar to the Andrew File System.
DCE's security is based on a Security Server. The
Security Server maintains an access control list for various
operations and decides whether clients have the right to request
operations.
DCE clients communicate with DCE servers using DCE Authenticated RPC.
To use Authenticated RPC, each DCE principal (user or service) must
have a secret key that is known only to itself and the Security
Server.
A complete description of DCE can be found at http://www.opengroup.org/dce/. The version
available appears to have last been updated several years ago.
14.5.2 SESAME
SESAME is the Secure European
System for Applications in a Multivendor Environment. It is a single
sign-on authentication system similar to Kerberos.
SESAME incorporates many features of Kerberos 5, but adds
heterogeneity, access control features, scalability of public key
systems, improved manageability, and an audit system.
The primary difference between SESAME and Kerberos is that SESAME
uses public key cryptography, allowing it to avoid some of the
operational difficulties that Kerberos experiences. SESAME was funded
in part by the Commission of the European Union's
RACE program. It appears to still be actively maintained, and there
are versions available for RedHat Linux.
Information about SESAME can be found at http://www.cosic.esat.kuleuven.ac.be/sesame/.
|