Level: Intermediate Vipin Rathor (vrathor1@in.ibm.com), System Software Engineer,
IBM
Sandeep Patil (rsandeep@in.ibm.com), Advisory Software Engineer, IBM
11 Dec 2007 Use IBM® Network Authentication Service (IBM NAS) for
AIX® to learn about the Kerberos policy management for passwords, and get
acquainted with anything and everything about IBM NAS policy. Also examine complete
commands, examples, and scenarios to assist you in using the kerberos password
policy to its fullest.
Introduction
Kerberos is a popular protocol used for network authentication. Most modern
operating systems as well as AIX® support Kerberos-based (Version 5)
authentication. The IBM® version of Kerberos is called IBM Network
Authentication Service (IBM NAS), and it can be installed from AIX 5.3 Expansion
Pack CDs. IBM NAS for AIX supports both Kerberos clients and Kerberos servers and
is used extensively in various AIX components, including:
- AIX Network File System (NFS) Version 4
- OpenSSH
- Integrated login on AIX
- AIX telnet
- AIX
rlogin commands
It's also used by enterprises having solutions based on the IBM DB2®
Universal Database® (DB2 UDB) for the AIX platform. Principals and policies
are the main administrative entities in a Kerberos setup.
In this article, you are exposed to the fundamentals of Kerberos policy
management provided by IBM NAS. The article explains the importance of IBM NAS
policies and illustrates the usage of all policy management commands that aid you
to apply the desired policies to your Kerberos realms.
Policies in IBM NAS
Setting rules for password management is a key aspect in security-based
solutions, and it is stated as one of the mandatory requirements by many of the
guidelines and standards for security compliance. IBM NAS provides policies that
help setting rules on password management for the Kerberos protocol. IBM NAS
policies are nothing more than the password policies that administer the password
rules. These policies, when applied to the IBM NAS principal, control the manner
in which the principle's password works.
Typically in a Kerberos environment where thousands of Kerberos principals are
required to be maintained, management of principals becomes a cumbersome task.
Administrators are often required to have a different set of rules for different
group of principals. And then, there is also a constant need of dealing with
expired passwords, following a strict corporate password policy or protecting
users from choosing a password that is easily compromised.
All the above tasks can easily be carried out by the use of NAS policies.
Administrators are only required to create various Kerberos policies according to
the organization's requirements (preferably before creating the
principals), and then assign these policies when needed to the Kerberos
principals.
IBM NAS policies:
Creation and modification
Policy creation is generally a one-time activity if the organization's
password policy is set. Once created, these policies can be very useful to
administrators whose production environment requires a variety of password rules
for a variety of principals. Polices can be created, modified, deleted, backed up
and restored by using various commands provided by IBM NAS. To execute the
principal and policy management commands, IBM NAS ships two utilities,
kadmin and kadmin.local.
These interfaces are required to carry out the IBM NAS administration tasks. For
more information on kadmin and
kadmin.local, see the IBM NAS Version 1.4
Administration Guide, shipped with the AIX Version 5.3 Expansion Pack CD.
The key aspect to understand is that the IBM NAS policy helps manage the
following password attributes:
- The maximum lifetime of a password.
- The minimum lifetime of a password.
- The minimum length of a password.
- The number of character classes in a password.
- The number of past keys kept for a principal.
To create a policy, use the kadmin (or
kadmin.local) add_policy
command. This command requires the add administrative
privilege. An alias for this command is addpol:
Syntax: add_policy [options] <policy_name> |
 | |
Note: For complete instruction on the IBM NAS policy naming
convention, please refer the IBM NAS Version 1.4 Administration Guide,
shipped with the AIX Version 5.3 Expansion Pack CD. |
|
To modify attributes of a policy, use the kadmin (or
kadmin.local) modify_policy
command. This command requires the modify
administrative privilege. An alias for this command is
modpol:
Syntax: modify_policy [options] <policy_name> |
The [options] can take the following attributes:
- -maxlife <time>
- Sets the maximum lifetime of a password to <time> . It's
default value is zero.
- -minlife <time>
- Sets the minimum lifetime of a password to <time>. It's
default value is zero.
- -minlength <length>
- Sets the minimum length of a password to <length> characters.
It's default value is one.
- -minclasses <number>
- Sets the number of character classes in a password to
<number>. It must be an integer between one and five. It's
default value is one.
- -history <number>
- Sets the number of past keys kept for a principal to <number>.
It's default value is one.
The following example shows how to create and run a new policy,
once-a-min, with a maximum and minimum password
lifetime of one minute.
kadmin: add_policy -maxlife "1 min" -minlife "1 min" once-a-min
|
Create a principal called one-minute-sandy and assign
the policy that you created to that principal (see the
IBM NAS policies: Listing, retrieval, and deletion
section for details on assigning a policy to principal).
kadmin: add_principal -policy once-a-min one-minute-sandy
Enter password for principal "one-minute-sandy@ISL.IN.IBM.COM":
Re-enter password for principal "one-minute-sandy@ISL.IN.IBM.COM":
Principal "one-minute-sandy@ISL.IN.IBM.COM" created.
kadmin: q
|
To acquire the Kerberos credential for this principal, use the
kinit command and list the acquired credentials using
the klist command. If you try to acquire the credential
using the same principal after one minute, IBM NAS prompts for you to change the
password because, according the principal policy, the password has already
expired.
$ kinit one-minute-sandy
Password for one-minute-sandy@ISL.IN.IBM.COM:
$ klist
Ticket cache: FILE:/var/krb5/security/creds/krb5cc_0
Default principal: one-minute-sandy@ISL.IN.IBM.COM
Valid starting Expires Service principal
07/26/07 06:38:33 07/27/07 06:38:30 krbtgt/ISL.IN.IBM.COM@ISL.IN.IBM.COM
$ date
Thu Jul 26 06:38:44 WDT 2007
$ date
Thu Jul 26 06:39:47 WDT 2007
$ kinit one-minute-sandy
Password for one-minute-sandy@ISL.IN.IBM.COM:
Password expired. You must change it now.
Enter new password:
Enter it again:
$ klist
Ticket cache: FILE:/var/krb5/security/creds/krb5cc_0
Default principal: one-minute-sandy@ISL.IN.IBM.COM
Valid starting Expires Service principal
07/26/07 06:40:17 07/27/07 06:40:17 krbtgt/ISL.IN.IBM.COM@ISL.IN.IBM.COM
|
When a principal is associated with a password policy, the policy attributes
start managing the principal's password immediately. If somebody tries to
change the password of this principal, they need to satisfy all the policy
attribute restrictions before they can change the password.
IBM NAS
policies: Listing, retrieval, and deletion
You can retrieve a list of policies with the
kadmin list_policies command, which requires the
list administrative privilege.
Syntax: list_policies [expression] |
The [expression] is a shell-style global expression
that can contain the characters *, ?, and []. All policy names matching the
expression are displayed. The list_policies command has
the aliases listpols,
get_policies, and getpols.
The following example shows the use of the
list_policies/get_policies:
kadmin: list_policies
admins
default
guest
once-a-min
kadmin: get_policies *a*
admins
default
once-a-min
|
To retrieve a policy from the IBM NAS database, use the
get_policy kadmin command. The policies are stored with
the other principals in the IBM NAS principal database. The alias for
get_policy is getpol. It
requires the inquire administrative privilege:
Syntax: get_policy [-terse] <policy_name> |
kadmin: add_policy -maxlife "1 day" -minlife "1 hour" -minlength "4" guest
kadmin: get_policy guest
Policy: guest
Maximum password life: 86400
Minimum password life: 3600
Minimum password length: 4
Minimum number of password character classes: 1
Number of old keys kept: 1
Reference count: 1
|
The maximum and minimum password life is shown in seconds. You can also see the
default values for character class, key history, and reference count. The
reference count is the number of principals using that policy.
Note: If an LDAP directory is used to store IBM NAS authentication data,
then the reference count is always equal to zero.
The get_policy command -terse option lists each field
as a quoted, tab-separated string.
For example:
kadmin: getpol -terse guest
"guest" 86400 3600 4 1 1 1
|
To delete a policy, use the kadmin delete_policy
command. This command requires the delete
administrative privilege. An alias for delete_policy is
delpol.
Syntax: delete_policy [-force]
<policy_name> |
The delete_policy command asks for confirmation before
deletion, unless you specify the -force option. You
must remove the policy from all principals before deleting it. The
delete_policy command fails if the policy is being used
by any principal. For examples of the delete_policy
command, see the
Principals and policies: Assignment and removal
section.
Default policy and no
policy
IBM NAS offers a facility of default policy. This default policy acts as a
placeholder for those principals whose policy is not decided at the time of
creation. In order to exercise the default policy, you need to create a policy by
the name of default. Once created, this policy will be
automatically applied to the principal, unless you specify another policy name or
-clearpolicy option during principal creation or modification. The default policy
is in action from the moment it's created.
The following examples show how to create a default policy and auto-assignment.
First, create a default policy:
kadmin: add_policy -maxlife "3 months" -minlife "1 day" -minlength "5" default
kadmin: get_policy default
Policy: default
Maximum password life: 7948800
Minimum password life: 86400
Minimum password length: 5
Minimum number of password character classes: 1
Number of old keys kept: 1
Reference count: 0
|
Notice the minimum password length of five characters. Now try creating a
principal without specifying any policy so that default policy will be applied,
and give a three-character password:
kadmin: add_principal mack
NOTICE: no policy specified for mack@ISL.IN.IBM.COM;
assigning "default". Note that policy may be overridden by ACL restrictions.
Enter password for principal "mack@ISL.IN.IBM.COM": <<enter 3 characters here
Re-enter password for principal "mack@ISL.IN.IBM.COM": <<repeat
Unable to create principal "mack@ISL.IN.IBM.COM".
Status 0x29c2516 - Password is too short
|
In the above case, you are unable to create the principal because of the default
policy not allowing you to give password of less than five characters.
Now let's try to create a principal with a six-character password:
kadmin: add_principal mack_correct
NOTICE: no policy specified for mack_correct@ISL.IN.IBM.COM;
assigning "default". Note that policy may be overridden by ACL restrictions.
Enter password for principal "mack_correct@ISL.IN.IBM.COM": <<enter 6 characters here
Re-enter password for principal "mack_correct@ISL.IN.IBM.COM": <<repeat
Principal "mack_correct@ISL.IN.IBM.COM" created.
|
Since you are satisfying all the restrictions of the default principal, you are
able to create the principal above.
If there is no default policy and no policy is being specified while creating a
principal, then kadmin chooses to stick to
no policy for that principal which means that the
principal is not governed by any policies. The following example shows an
automatic no policy assignment:
kadmin: add_principal john
WARNING: no policy specified for john@ISL.IN.IBM.COM;
defaulting to no policy. Note that policy may be overridden by ACL restrictions.
Enter password for principal "john@ISL.IN.IBM.COM":
Re-enter password for principal "john@ISL.IN.IBM.COM":
Principal "john@ISL.IN.IBM.COM" created.
|
Principals
and policies: Assignment and removal
You can assign policies to a new principal as well as existing principals.
Assigning a policy to a
new principal
While creating the new principals, you can directly specify the policy with the
-policy option of the
add_principal command of
kadmin. For example, the following command assigns a
policy called guest_policy to the new
sachin/guest principal.
kadmin: add_principal -policy guest_policy sachin/guest
Enter password for principal "sachin/guest@ISL.IN.IBM.COM":
Re-enter password for principal "sachin/guest@ISL.IN.IBM.COM":
Principal "sachin/guest@ISL.IN.IBM.COM" created.
|
Assigning a policy to an
existing principal
If the principal already exists, then you need to modify it to assign a desired
policy. Use the kadmin
modify_principal command (or alias
modprinc) with a -policy
option. In the following scenario, you assign the
admins policy to an existing
admin/sales principal.
First, let's see the current status of
dmin/sales. Notice
Policy :
[none] at the end.
kadmin: get_principal admin/sales
Principal: admin/sales@ISL.IN.IBM.COM
Expiration date: [never]
Last password change: Thu Jul 26 08:41:19 WDT 2007
Password expiration date: [none]
Maximum ticket life: 1 day 00:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Thu Jul 26 08:41:21 WDT 2007 (admin/admin@ISL.IN.IBM.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 5
Key: vno 1, Triple DES cbc mode with HMAC/sha1,
no salt
Key: vno 1, ArcFour with HMAC/md5,
no salt
Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC,
no salt
Key: vno 1, DES cbc mode with RSA-MD5,
no salt
Key: vno 1, AES-128 CTS mode with 96-bit SHA-1 HMAC,
no salt
Attributes:
REQUIRES_PRE_AUTH
Policy: [none]
|
Now, let's modify this principal using the
modify_principal command to assign the
admins policy and verify it by seeing the principal
details after that.
kadmin: modprinc -policy admins admin/sales
Principal "admin/sales@ISL.IN.IBM.COM" modified.
kadmin: get_principal admin/sales
Principal: admin/sales@ISL.IN.IBM.COM
Expiration date: [never]
Last password change: Thu Jul 26 08:41:19 WDT 2007
Password expiration date: Thu Jul 26 10:41:19 WDT 2007
Maximum ticket life: 1 day 00:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Thu Jul 26 08:41:54 WDT 2007 (admin/admin@ISL.IN.IBM.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 5
Key: vno 1, Triple DES cbc mode with HMAC/sha1,
no salt
Key: vno 1, ArcFour with HMAC/md5,
no salt
Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC,
no salt
Key: vno 1, DES cbc mode with RSA-MD5,
no salt
Key: vno 1, AES-128 CTS mode with 96-bit SHA-1 HMAC,
no salt
Attributes:
REQUIRES_PRE_AUTH
Policy: admins
|
Now the admins policy has been assigned to the
admin/sales principal.
Removing policy from
principal and deleting policy
To remove a policy from a principal, use the
-clearpolicy option. For the
modify_principal command,
-clearpolicy removes the current policy from a
principal. For the add_principal command,
-clearpolicy suppresses the automatic assignment of the
default policy. The following example shows a policy removal and deletion. Here
you have a policy called del-me that's assigned to one
principal tester, and you will try to delete this
policy. First, list the details of the tester
principal:
kadmin: get_principal tester
Principal: tester@ISL.IN.IBM.COM
Expiration date: [never]
Last password change: Thu Jul 26 09:38:26 WDT 2007
Password expiration date: [none]
Maximum ticket life: 1 day 00:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Thu Jul 26 09:38:27 WDT 2007 (admin/admin@ISL.IN.IBM.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 5
Key: vno 1, Triple DES cbc mode with HMAC/sha1,
no salt
Key: vno 1, ArcFour with HMAC/md5,
no salt
Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC,
no salt
Key: vno 1, DES cbc mode with RSA-MD5,
no salt
Key: vno 1, AES-128 CTS mode with 96-bit SHA-1 HMAC,
no salt
Attributes:
REQUIRES_PRE_AUTH
Policy: del-me
|
Next, list the details of the del-me policy:
Policy: del-me
Maximum password life: 0
Minimum password life: 0
Minimum password length: 1
Minimum number of password character classes: 1
Number of old keys kept: 1
Reference count: 1
|
Notice the reference count, which is 1 at this time. Now try to delete this
policy without removing it from the principal.
kadmin: delpol del-me
Are you sure you want to delete the policy "del-me"? (yes/no): yes
Unable to delete policy "del-me".
Status 0x29c251b - Policy is in use.
|
You are getting this error because the del-me policy
is being used by the tester principal. Now remove the
policy from the tester principal:
kadmin: modprinc -clearpolicy tester
Principal "tester@ISL.IN.IBM.COM" modified.
kadmin: get_principal tester
Principal: tester@ISL.IN.IBM.COM
Expiration date: [never]
Last password change: Thu Jul 26 09:38:26 WDT 2007
Password expiration date: [none]
Maximum ticket life: 1 day 00:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Thu Jul 26 09:44:07 WDT 2007 (admin/admin@ISL.IN.IBM.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 5
Key: vno 1, Triple DES cbc mode with HMAC/sha1,
no salt
Key: vno 1, ArcFour with HMAC/md5,
no salt
Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC,
no salt
Key: vno 1, DES cbc mode with RSA-MD5,
no salt
Key: vno 1, AES-128 CTS mode with 96-bit SHA-1 HMAC,
no salt
Attributes:
REQUIRES_PRE_AUTH
Policy: [none]
|
Now let's see what the del-me policy looks
like:
kadmin: getpol del-me
Policy: del-me
Maximum password life: 0
Minimum password life: 0
Minimum password length: 1
Minimum number of password character classes: 1
Number of old keys kept: 1
Reference count: 0
|
Notice that the reference count is now showing zero. Once again, try to delete
the policy:
kadmin: delpol del-me
Are you sure you want to delete the policy "del-me"? (yes/no): yes
|
Now the policy has been deleted successfully.
NAS Policies: Backup and
restore
Backing up IBM NAS policies (Legacy
database only)
NAS policies are stored along with IBM NAS principal information in the NAS
principal database. For the purpose of disaster recovery, there is a need to
backup the NAS database to a backup file. To take the backup, you need to use the
/usr/krb5/sbin/kdb5_util dump command:
Syntax: $kdb5_util dump [-verbose] [<filename> [<principals>]] |
For example, to back up the whole database to a
total_backup file, use the following command:
$kdb5_util dump -verbose total_backup
K/M@ISL.IN.IBM.COM
admin/admin@ISL.IN.IBM.COM
admin/sales@ISL.IN.IBM.COM
john@ISL.IN.IBM.COM
kadmin/admin@ISL.IN.IBM.COM
kadmin/changepw@ISL.IN.IBM.COM
kadmin/history@ISL.IN.IBM.COM
kadmin/huntcup.in.ibm.com@ISL.IN.IBM.COM
krbtgt/ISL.IN.IBM.COM@ISL.IN.IBM.COM
mack_correct@ISL.IN.IBM.COM
one-minute-sandy@ISL.IN.IBM.COM
sachin/guest@ISL.IN.IBM.COM
tester@ISL.IN.IBM.COM
vipin@ISL.IN.IBM.COM
admins
default
guest
once-a-min
|
The kdb5_util dump command also creates an additional
file named total_backup.dump_ok.
Notice that this command has backed up all the principals as well as policies.
The -verbose option lists whatever is being backed up
on the console. The kdb5_util dump command always dumps
all the policies, even if you try to dump only few principals.
For example:
$kdb5_util dump -verbose dumpfile sachin/guest@ISL.IN.IBM.COM
sachin/guest@ISL.IN.IBM.COM
admin
default
del-me
guest
once-a-min
|
In this command, even though only one principal was specified, it has dumped all
the policies.
Restoring IBM NAS
policies (Legacy database only)
To restore the IBM NAS database information from a backup file, use the
/usr/krb5/sbin/kdb5_util load command:
Syntax: kdb5_util load [-verbose] [-update] <filename> |
If you do not specify the -update option, the
existing IBM NAS principal database is replaced by the specified dump file. Make
sure you have specified the -update option while
restoring, unless you are sure you want to purge the current database.
The following example shows a backup and restore of the IBM NAS policies. In this
scenario, you take the backup of the sachin/guest
principal. After that you delete the principal and its policy, try to restore it
from the backed up dump file.
First, list the sachin/guest principal:
kadmin: get_principal sachin/guest
Principal: sachin/guest@ISL.IN.IBM.COM
Expiration date: [never]
Last password change: Thu Jul 26 08:26:07 WDT 2007
Password expiration date: Fri Jul 27 08:26:07 WDT 2007
Maximum ticket life: 1 day 00:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Thu Jul 26 08:26:08 WDT 2007 (admin/admin@ISL.IN.IBM.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 5
Key: vno 1, Triple DES cbc mode with HMAC/sha1,
no salt
Key: vno 1, ArcFour with HMAC/md5,
no salt
Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC,
no salt
Key: vno 1, DES cbc mode with RSA-MD5,
no salt
Key: vno 1, AES-128 CTS mode with 96-bit SHA-1 HMAC,
no salt
Attributes:
REQUIRES_PRE_AUTH
Policy: guest
|
List the policy named guest, which is associated with
the sachin/guest principal:
kadmin: getpol guest
Policy: guest
Maximum password life: 86400
Minimum password life: 3600
Minimum password length: 4
Minimum number of password character classes: 1
Number of old keys kept: 1
Reference count: 1
|
Now create the backup:
$kdb5_util dump -verbose dumpfile sachin/guest@ISL.IN.IBM.COM
sachin/guest@ISL.IN.IBM.COM
admin
default
del-me
guest
once-a-min
|
Delete the sachin/guest principal and the
guest policy:
kadmin: delprinc sachin/guest
Are you sure you want to delete the principal \
"sachin/guest@ISL.IN.IBM.COM"? (yes/no): yes
Principal "sachin/guest@ISL.IN.IBM.COM" deleted.
Make sure that you have removed this principal from all ACLs before reusing.
kadmin: delpol guest
Are you sure you want to delete the policy "guest"? (yes/no): yes
|
To try to restore them from the dump file, enter:
$kdb5_util load -verbose -update dumpfile
sachin/guest@ISL.IN.IBM.COM stored.
Created policy admin.
Created policy default.
Created policy del-me.
Created policy guest.
Created policy once-a-min.
|
Enter the kadmin: list_principals command to see that
the deleted entries in the database are recovered.
kadmin: list_principals
K/M@ISL.IN.IBM.COM
admin/admin@ISL.IN.IBM.COM
admin/sales@ISL.IN.IBM.COM
john@ISL.IN.IBM.COM
kadmin/admin@ISL.IN.IBM.COM
kadmin/changepw@ISL.IN.IBM.COM
kadmin/history@ISL.IN.IBM.COM
kadmin/huntcup.in.ibm.com@ISL.IN.IBM.COM
krbtgt/ISL.IN.IBM.COM@ISL.IN.IBM.COM
mack_correct@ISL.IN.IBM.COM
one-minute-sandy@ISL.IN.IBM.COM
sachin/guest@ISL.IN.IBM.COM
tester@ISL.IN.IBM.COM
vipin@ISL.IN.IBM.COM
kadmin: getpols
admin
default
del-me
guest
once-a-min
|
Note: The backup and restoration described above is only available on IBM
NAS with a legacy database. For more information on IBM NAS configuration with a
legacy database and for backup and restoration of IBM NAS configured with LDAP,
see the IBM NAS Version 1.4 Administration Guide, shipped with AIX Version
5.3 Expansion Pack CD.
IBM NAS policy
management using GUI
The "IBM GUI-based administration tool for IBM NAS," available
in IBM alphaWorks, provides assistance to administrators preferring a GUI
interface to execute all of the NAS principal and policy management commands
listed so far. This does not apply to the policy backup and restore module.
Figure 1 provides a snap-shot of the tool. (See the
Resources section additional information.)
Figure 1: Snap-shot of IBM
GUI-based administration tool for NAS
Conclusion
This article covered all the aspects and the related commands of Kerberos policy
management provided by IBM NAS for AIX, which should help you with systems based
on Kerberos authentication.
Resources Learn
Get products and technologies
Discuss
- Participate in the
developerWorks blogs
and get involved in the developerWorks community.
- Participate in the AIX and UNIX forums:
About the authors | 
| | Vipin Rathor has been working with IBM for more than a year. He is currently engaged in IBM NAS L3 support and development activities. Network security, UNIX internals, and Game development are his main areas of interest. He has a master's degree in computer applications from University of Pune, India. You can contact him at vrathor1@in.ibm.com. |
| 
| | Sandeep Ramesh Patil works as an Advisory Software Engineer for the IBM India Software Labs. He has worked for IBM for the past six years, focusing on distributed technology including DCE, SARPC, and security products, such as the IBM Network Authentication Services (IBM Kerberos). He is currently developing new features and implementing security-related RFC for the IBM Network Authentication Service, along with its product support. Sandeep holds a Bachelor of Engineering degree in computer science from the University of Pune, India. You can contact him at rsandeep@in.ibm.com. |
Rate this page
| 
