Resources on the IBM Network Authentication Service and related technologies for AIX

A must-bookmark page for developers and administrators deploying secure solutions on AIX systems

Get the answers to your questions about the IBM® AIX® Network Authentication Service (NAS) and related technologies in one place. This article provides developers and administrators with a listing of the developerWorks articles that cover configuration, administration, interoperability, Kerberized filesystems (NFS V4), and different Kerberized login modules based on IBM NAS for AIX. For your convenience and ease of use, the articles have been categorized into appropriate sections.

Sandeep Ramesh Patil (rsandeep@in.ibm.com), Advisory Software Engineer, EMC

Sandeep Ramesh Patil is an Advisory Software Engineer for the IBM India System and Technology Lab. His professional experience has been on distributed technology and security products such as the IBM Network Authentication Services (IBM Kerberos). He is an IBM developerWorks Professional Author with most of his articles on information security. He also plays an active role in IP generation. Sandeep holds a BE degree in computer science and engineering from the University of Pune, India. You can contact him at rsandeep@in.ibm.com.



03 December 2008

Also available in Chinese

About Kerberos

A Kerberos primer

This developerWorks article is a very basic primer on Kerberos and a good place to start. For additional, up-to-date information on the Kerberos protocol, visit the Massachusetts Institute of Technology website on Kerberos: The Network Authentication Protocol (see Resources).


Articles specific to IBM Network Authentication Service for AIX

IBM Network Authentication Service for AIX is the IBM flavor of Kerberos shipped with the AIX Expansion Pack CD and is available with the IBM AIX Web Download Pack (see Resources). This section lists articles that describe different server features, configuration methods, policy management, backup management, and administration insights on IBM Network Authentication Service for AIX.

Articles on server-side configurations

Set up Kerberos Version 5 KDC to use AES encryption

Learn how to set up a Key Distribution Center (KDC) to use Advanced Encryption Standard (AES) encryption to secure tickets. Developers use KDC in systems to control the permission for users to access certain services. The KDC uses tickets as a means to flag permission for accessing a particular service, or for authenticating users and providers of services.

IBM Network Authentication Service KDC and administration servers discovery using LDAP for AIX

Implement effective ways to configure IBM NAS with Lightweight Directory Access Protocol (LDAP) on AIX to get the maximum reliability and scalability in your Kerberos environment. This article shows you different ways of setting up the dynamic, yet consistent, Kerberos environment.

Kerberos policy management in IBM Network Authentication Service for AIX Version 5.3

Use IBM NAS for AIX to learn about Kerberos policy management for passwords, and get acquainted with anything and everything about IBM NAS policy. Also examine complete commands, examples, and scenarios to assist you in using the Kerberos password policy to its fullest.

Enhanced password strength in IBM Network Authentication Service for AIX

In a Kerberos environment, protecting principals' passwords is imperative to preserve the system security. Learn how Kerberos administrators can take advantage of the password protection and password strength enhancement features provided by IBM NAS for AIX.

Configure IBM NAS version 1.4.0.7 for AIX to make use of non-default encryption type

This article provides step-by-step procedures for enabling and using a non-default encryption type such as "aes128-cts" in a Kerberos setup (IBM NAS). It also explains the reasoning behind every action taken in this regard. The explanation and reasoning will help Kerberos administrators make use of any other non-default encryption types in their Kerberos setups.

IBM NAS KDC configuration: Part 1: Configuration and Management of Slave KDC in IBM NAS on AIX

Become an expert administrator of a reliable, high-availability Kerberos environment involving multiple Kerberos master-slave Key Distribution Centers (KDC) on IBM AIX and many clients. In this article, Part 1 of a three-part series, learn how to configure and manage the basic master-slave KDC setup. Part 2 will cover how to update the slave KDC to the master KDC. Part 3 will show how to configure the master-slave KDC with LDAP as the back end for storing Kerberos data.

IBM Network Authentication Service KDC configuration, Part 2: Upgrading a slave KDC to a master KDC

Be an expert administrator of a reliable, high-availability Kerberos environment involving multiple Kerberos master-slave Key Distribution Centers (KDC) on AIX and many clients. Part 2 of this series covers how to upgrade the slave KDC to perform as a master KDC. Part 1 covered how to configure and manage the basic master-slave KDC setup, and Part 3 will show how to configure the master-slave KDC with LDAP as the back end for storing Kerberos data.

Miscellaneous

AIX Security commands

Security is an important aspect of the IBM AIX operating system. Follow along with this quick reference guide on AIX security commands to learn more.

IBM Network Authentication Service for AIX backup and restore management

Learn how to back up your important Kerberos data as a part of your business continuity plan and other backup processes. In a Kerberos production environment, taking a regular and proper backup of Kerberos data is vital to ensure 24x7 reliable and consistent support to the users. This article shows Kerberos administrators what data to consider for a backup plan.

Configuring AIX 5L for Kerberos Based Authentication Using Network Authentication Service

Kerberos is a third-party authentication system that originated at MIT as part of Project Athena. This document describes the use of Kerberos as an alternative authentication mechanism to AIX. The loadable identification and authentication framework of AIX naturally lends itself to the use of Kerberos. Kerberos technology combined with LDAP user/group management provides a robust, centralized, and scalable authentication and identification mechanism for AIX.

AIX 5L LDAP user management (Active Directory client support)

Get an overview of the LDAP-related enhancements in the AIX 5L operating system V5.3 TL5 update. Some of the enhancements include support for Active Directory, multiple base distinguished name (DN) support, and extended base DN format.

Is your AIX environment secure?

In this article, the author discusses common security problems in any UNIX® environment, including AIX. He identifies some of the key files and the steps required to maintain their integrity, and he highlights a number of security tools you can use to diagnose an AIX system and identify potential security lapses. The ideas discussed here apply to all releases of AIX and will be useful to both AIX system administrators and AIX programmers concerned about protecting their systems from intruders.


Articles on Kerberized applications using IBM NAS for AIX

This section lists articles that cover the available Kerberized filesystem deployments on AIX, migration across Kerberized filesystems, enabling AIX Kerberized authentication in login modules across different operating systems, and ways to use secure login applications such as Kerberized telnet, SSH, and more.

File systems

Kerberos authentication for AIX Version 5.3 Network File System Version 4

Find out how to use application programming interfaces (APIs) when writing your own custom Kerberos-based authentication applications. Network File System Version 4 (NFS V4), the up-and-coming enterprise file system, uses the Kerberos security mechanism to address privacy, authentication, and integrity requirements. In this article, you'll examine the different Kerberos credential cache name formats that AIX NFS V4 supports and that are required for authentication purposes. You'll also look at different methods of obtaining the Kerberos credential.

AIX NFS Version 4 configuration over Kerberos inter-realm setup

Learn how to configure an inter-realm setup between IBM NAS and Microsoft Active Directory for AIX Network File System (NFS) Version 4.

Accessing DFS and NFS V4 directories simultaneously

This article provides guidance to DCE or DFS users who are migrating from DCE or DFS to Kerberos/NFS V4. During the transition period, these users need to be authenticated and authorized to use both DFS and NFS V4 directories. This article answers some basic questions, such as, "Can the DCE authentication server be used as a Kerberos server for NFS V4 with a Kerberos client?"

Network File System Version 4 security: Kerberos and LIPKEY mechanisms

Use the enriched security features of Network File System (NFS) Version 4 to pave your way to public key technology. In this article, you'll examine the NFS Version 4 built-in security schemes, and how to use the existing Kerberos authentication database in a LIPKEY security mechanism. You'll also find out how to take the first steps for a migration or extension from Kerberos to the LIPKEY security mechanism.

IBM NFS/DFS Authentication Gateway: Commands and APIs to bridge to NFS Version 4

Learn how to use the IBM NFS/DFS Authentication Gateway commands and application programming interfaces (APIs) to design applications during migration. As the storage needs of large enterprises continue to grow and NFS implementations offer more and more features, it makes business sense for enterprises to migrate to NFS Version 4, as outlined in the "IBM NFS/DFS Authentication Gateway: A migration bridge to NFS Version 4" companion article.

IBM NFS/DFS Authentication Gateway (A migration bridge to NFS Version 4)

Take advantage of the new features Network File System Version 4 (NFS Version 4) now has to offer. With the ever-growing storage needs in large enterprises and NFS implementations offering more and more features, it makes business sense for enterprises to migrate to NFS Version 4. In this article, we discuss the need and various strategies for migrating from the IBM Distributed Computing Environment (DCE)/Distributed File System (DFS) infrastructure to NFS Version 4 on AIX and Linux.

Login modules

Kerberized authentication of Windows Terminal Service

Discover how to configure Microsoft Windows 2003 Server to authenticate Terminal Service users with the IBM Network Authentication Service (IBM NAS) Key Distribution Center (KDC) hosted on an AIX 5.3 system. Such a setup not only gives Kerberized authentication for Terminal Service users, but it also allows users to have uniform user IDs and passwords across AIX and Windows Server systems. It allows application developers to exploit the advantages of Kerberos interoperability between IBM NAS and Windows in Kerberized applications spanning across systems.

Secure communication with Kerberized OpenSSH on AIX Version 5.3 using Windows Kerberos service

Discover how you can configure Kerberized Open Secure Shell (OpenSSH) on AIX Version 5.3 machines that use Microsoft Active Directory Server as the Key Distribution Center (KDC). OpenSSH encrypts traffic, including passwords, to eliminate eavesdropping, taking over your connection, or peeking into your data. If you work in a hybrid environment with multi-vendor solutions on AIX Version 5.3 systems, then you'll find this article extremely useful.

Secure Kerberized authentication on Solaris 10 using IBM AIX Version 5.3

Set up a Kerberized environment to work with Solaris 10 and learn how to configure a Key Distribution Center (KDC) on AIX Version 5.3. You'll also run through a series of steps for configuring a Kerberos client on Solaris 10 to authenticate users for Telnet, remote shell (rsh), and Secure Shell (SSH) using AIX Version 5.3 as your KDC. Having a single IBM Network Authentication Service (NAS) KDC on AIX for authentication across different platforms is especially helpful in a hybrid environment.

Configure and enable the Kerberos authentication in telnet, FTP, and r-commands on AIX V6

Learn to make use of the Kerberos authentication tickets in the day-to-day network services on IBM AIX V6 and discover how Kerberos can be useful in getting rid of the password hassles for network service logons. This is another method towards achieving single sign on (SSO) on an AIX system network.

Implement two-factor authentication for AIX using Kerberos

With the ever-growing need for higher security systems, multi-factor authentication is preferred for network security. Since Kerberos is one of the most popular network authentication mechanisms, learn how to design multi-factor authentication over the Kerberos protocol. Understand the use of One Time Password (OTP) and GSS-API to achieve this.

Configuring AIX 5L for Kerberos Based Authentication Using Windows Kerberos Service

This document describes the use of Kerberos as an alternative authentication mechanism to AIX using Windows 2000/2003 Server Kerberos Service. Authentication applications on AIX do not require any change to alternatively perform Kerberos authentication as it is woven into the fabric of the AIX security subsystem. By utilizing the loadable identification and authentication framework of AIX, the system directs authentication requests to use Kerberos instead of standard UNIX authentication.


Conclusion

This article listed the essential resources relating to IBM Network Authentication Service for AIX. These resources cover all major topics that administrators or developers working with Kerberos on AIX need to know: A must-bookmark page!

Resources

Learn

Get products and technologies
