Configuring an AIX client with multiple Kerberos realms
A typical customer environment is heterogeneous and includes AIX, Windows,
and Linux, which can
be servers or clients. In many situations, an AIX Kerberos client needs to interact with
multiple Kerberos realms hosted on a Windows or AIX Kerberos
server to handle the requested services. This article explains the configuration details
required to set the AIX Kerberos client to interact with
multiple realms hosted on Windows Kerberos servers.
Articles | 20 Oct 2009

Securing remote AIX V6.1 data at rest using the SLES Encrypt File Container
See how you can secure data at rest exported by AIX and consumed by SUSE Linux
Enterprise Server via
the NFS protocol using the Encrypt File Container feature provided with SLES.
Articles | 13 Oct 2009

Configure single sign-on authentication on AIX
Single sign-on (SSO) is a mechanism that allows a user to access resources
across multiple systems by just authenticating to the server once. This method is
quite helpful in scenarios where the user database is centralized (like LDAP). Users
can authenticate on one system and then access multiple systems.
Articles | 22 Sep 2009

IBM Network Authentication Service Version 1.4.0.8 for AIX 6.1
IBM Network Authentication Service Version 1.4.0.8 was released with the AIX
6.1 expansion pack CD and is also available on the IBM AIX Web Download Pack
Program. AIX Kerberos administrators have good reasons to upgrade to the new version,
including new features and vital fixes. This article describes the features introduced in this release and how these
features can benefit your Kerberos infrastructure on AIX and help enhance
security. The new release allows administrators to "ride up the grade," not simply upgrade.
Articles | 08 Sep 2009

Understanding advanced AIX features: MLS in simple steps
If you feel that the new features of AIX like RBAC and MLS are too
confusing, this article will help you to understand the features in simple terms and
with examples. This article is part two of a series.
Articles | 07 Jul 2009

Understanding advanced AIX features: Role-based access control in simple steps
Security is a major concern of operating systems. This article series provides an understanding
of the new features on AIX, role-based access control and multi-level
security. Part 1 of this series discusses AIX
role-based access control (RBAC) and how roles, responsibilities, and the authorization of
a root user can be delegated to more than one user.
Articles | 23 Jun 2009

Working with filesystems using NFSV4 ACLs
Managing NFSv4 ACLs on different filesystems with different commands can
become difficult. This article discusses and compares the different commands that you
might use to migrate from one filesystem to another.
Articles | 02 Jun 2009

AIX 6.1, Solaris 10, and HP-UX and the System p
In recent years, HP, Sun, and IBM have all released new versions of their
commercial UNIX-based operating systems. This article compares and contrasts some of
the innovations in their releases. Learn the differences in how to work with certain
tasks, such as networking and performance tuning. Also, see at a high level some of the virtualization differences among these big three.
Articles | 26 May 2009

Speaking UNIX: 10 great tools for any UNIX system
The universe of UNIX tools changes constantly. Here are 10 tools -- some
you may have overlooked and some new -- to tinker with.
Articles | 12 May 2009

Configuring Kerberos master-slave KDC with LDAP master-replica topology on AIX
Learn how to configure and manage the Kerberos master-slave Key Distribution Center with an LDAP master-replica setup. This article gives a step-by-step example of how to achieve one such complex Kerberos setup.
Articles | 21 Apr 2009

Secure file transfer in a heterogeneous environment
File transfer is an essential and important activity in the day-to-day
computing world. Security lapses during file transfer can leak important data
to the external world. As a result, securing FTP is of primary importance. Hence, in
AIX V6.1, IBM has introduced a secure flavor of FTP (and ftpd), based on OpenSSL,
using Transport Layer Security (TLS) to encrypt both the command and the data
channels of file transfer. This article shows the advantage of using this AIX V6.1
feature and its usage between AIX and other heterogeneous systems that already
support this feature. This article focuses on AIX secure FTP with a Windows server.
Articles | 14 Apr 2009

Multi-security mechanisms with multifactor authentications
Authentication is a key component of security-based solutions. This article
discusses the risk associated with the use of the same security mechanisms in
multifactor authentication systems and the use of GSS-API as a suitable option for achieving the multi-security mechanism with multifactor authentication for enhanced security for solutions designed over UNIX.
Articles | 10 Mar 2009

Configure Enterprise Identity Mapping (EIM) for AIX NFSv4 over a Kerberos cross-realm setup
Learn how to set up and configure Enterprise Identity Mapping (EIM) for AIX
Network File System (NFS) version 4 over a Kerberos cross-realm setup.
Articles | 03 Mar 2009

Configure IBM Network Authentication Service master KDC with an LDAP back-end server on AIX
Learn how to configure the IBM Network Authentication Service (IBM Kerberos) with an
LDAP (Lightweight Directory Access Protocol) directory to store Kerberos principal
and policy information. This article is a detailed guide for Kerberos
administrators who want to achieve security, scalability, and high availability using Kerberos and LDAP on AIX.
Articles | 17 Feb 2009

Perform uniform mounting with generic NFS
To efficiently achieve uniform mounting in the presence of multiple,
simultaneous NFS version exports, you need a generic NFS mount utility. Learn
how a generic NFS mount utility
can help reduce handling multiple NFS versions and simplify the management of
those versions. The article
describes the concept of the generic NFS mount, outlines the advantages and
applications of the system, and gives some overall design
details.
Articles | 11 Feb 2009

IBM Network Authentication Service KDC configuration, Part 3: Configuring a slave KDC with LDAP on AIX
The first two parts of this three-part series covered how to configure IBM
Network Authentication Service (NAS) master and slave KDCs with a legacy database and how to upgrade the slave KDC to
behave as a master KDC. Taking this to the next level, this article shows how to configure the Kerberos slave KDC with the LDAP database and why there is a need to do so.
Articles | 20 Jan 2009

Kerberos LDAP master-slave configuration management
Kerberos and LDAP are designed to allow for a master/slave setup.
In a centralized environment, user and group management can be handled through the LDAP/KRB5LDAP (Kerberos LDAP) protocol. This article explains how to configure KRB5LDAP (Kerberos LDAP) master/slave for KRB5LDAP clients.
Articles | 13 Jan 2009

Auditing and serviceability management in IBM Network Authentication Service for AIX
Auditing is a vital aspect of any software, and even more so if
the software provides security services. This article helps you understand the auditing and serviceability features provided in IBM Network Authentication Service.
Learn about the different server-side log files, how to enable them, and how to analyze them.
Also gain the expertise on how to turn on the debug message logging required for problem determination
and support activities.
Articles | 06 Jan 2009

Using AIX Security Expert
AIXPert is an all-purpose GUI and command-line security tool that
incorporates over 300 security configuration settings. Learn about recent
enhancements implemented with AIX V6.1, including SOX auditing support, and go
through real scenarios to show how AIXPert can be used from the command line, smit, and the GUI.
Articles | 09 Dec 2008

Resources on the IBM Network Authentication Service and related technologies for AIX
Get the answers to your questions about the AIX Network Authentication Service and
related technologies in one place. This article provides developers and
administrators with a listing of the developerWorks articles that cover
configuration, administration, interoperability, Kerberized filesystems (NFS V4), and
different Kerberized login modules based on IBM NAS for AIX. For your convenience and
ease of use, the articles have been categorized into appropriate sections.
Articles | 03 Dec 2008

IBM Network Authentication Service KDC configuration, Part 2: Upgrading a slave KDC to a master KDC
Become an expert administrator of a reliable Kerberos environment with high
availability, involving multiple Kerberos master-slave Key Distribution
Centers (KDC) on AIX and many clients. Part 2 of this series covers how to
upgrade the slave KDC to perform as a master KDC. Part 1 covered how to
configure and manage the basic master-slave KDC setup, and Part 3 will show
how to configure the slave KDC with LDAP as the back end for storing
Kerberos data.
Articles | 11 Nov 2008

Implement two-factor authentication for AIX using Kerberos
In the ever-growing need for higher security systems, multi-factor
authentication is preferred for network security. Since Kerberos is one of the most
popular network authentication mechanisms, learn how to design a multi-factor
authentication over the Kerberos protocol. Understand the
use of One-Time Password (OTP) and GSS-API to achieve this.
Articles | 04 Nov 2008

IBM Network Authentication Service for AIX backup and restore management
Learn how to back up your important Kerberos data as a part of your business
continuity plan and other backup processes. In the Kerberos production environment,
taking a regular and proper backup of Kerberos data is vital to ensure 24x7
reliable and consistent support to the users. This article educates the Kerberos
administrators on what data to consider for your backup plan.
Articles | 30 Sep 2008

AIX WPAR auditing
AIX V6.1 introduced the software-based partition technology called Workload
Partitions (WPAR). This article provides an overview of auditing subsystems in a WPAR
environment with examples about global auditing, WPAR auditing, and global-initiated
WPAR auditing. The article also presents information about the audit reporting tools
that can be used to view the audit records.
Articles | 23 Sep 2008

IBM Network Authentication Service KDC configuration, Part 1: Configuration and management of slave KDC in IBM Network Authentication Service on AIX
Become an expert administrator of a reliable Kerberos environment with
high-availability involving multiple Kerberos master-slave Key Distribution Centers
(KDC) on AIX and many clients. In this article, part 1 of a three-part series, learn
how to configure and manage the basic master-slave KDC setup. Part 2 will cover how
to update the slave KDC to the master KDC. Part 3 will show how to configure the
master-slave KDC with LDAP as the back end for storing Kerberos data.
Articles | 09 Sep 2008

Configure IBM NAS version 1.4.0.7 for AIX to make use of non-default encryption type
This article provides step-by-step procedures for enabling and making
use of a non-default encryption type such as "aes128-cts" in the Kerberos setup (IBM
Network Authentication Service). It also explains the reasoning behind every action taken in this regard. The
explanation and reasoning will help Kerberos administrators make use of any other
non-default encryption types in their Kerberos setups.
Articles | 19 Aug 2008

AIX security commands
Security is an important aspect of the AIX operating system. Follow along
with this quick reference guide on AIX Security commands to learn more.
Articles | 22 Jul 2008

Understanding the Trusted Execution environment in AIX V6
This article covers the advanced security features of IBM AIX V6.1, Trusted
Execution environment. It educates AIX system administrators on how to ensure system
integrity at run-time as well as at stand-by time. This article, which acts as a
starting point to learn about the Trusted Execution environment, also covers the most commonly used commands and examples.
Articles | 08 Jul 2008

Enhanced password strength in IBM Network Authentication Service for AIX
In a Kerberos environment, protecting principals' passwords is imperative
to preserve the system security. Learn how Kerberos administrators can take advantage of
the password protection and password strength enhancement features provided by IBM
Network Authentication Service for AIX.
Articles | 01 Jul 2008

Configure and enable the Kerberos authentication in telnet, FTP, and r-commands on AIX V6
Learn to make use of the Kerberos authentication tickets in the day-to-day
network services on AIX V6 and discover how Kerberos can be useful in getting rid
of the password hassles for network service logons. This is another method towards
achieving single sign on (SSO) on an AIX system network.
Articles | 27 May 2008

openssh with AIX chroot
Sometimes you might want to restrict users to specific directories so that they are
not able to look into the whole system. This can be achieved by creating the
chroot users. This article describes how to set up an AIX chroot environment and use
it with ssh, sftp, and scp. You will also learn about the prerequisites for AIX and
openssh, and how to configure and use a chroot environment. A downloadable sample shell script that automatically sets up this environment is also provided.
Articles | 05 May 2008

Extending non-IBM LDAP servers to support full AIX functionality
Managing users and controlling their access in a centralized LDAP
environment is a challenging task in a heterogeneous environment. Some platforms may lose their OS-specific functionality due to the lack of schema support from the LDAP server. This article presents a solution for some non-IBM LDAP servers to support full AIX user management functionality by providing the AIX LDAP schema for these server types, the steps for updating these LDAP server types with the schema, and the proper configuration on AIX to take advantage of the added AIX LDAP schema.
Articles | 19 Feb 2008

Secure RPC using DES authentication on AIX 5.3
Find out how to use Secure RPC using Data Encryption Standard (DES)
authentication on AIX(R) 5.3 to achieve a secure communication between the client
and server. In this article, you'll examine the setup required to initiate Secure
RPC between the client and server, DES authentication, and how to make applications
secure using the Secure RPC application programming interfaces (APIs).
Articles | 12 Feb 2008

Understanding EFS
Safeguard your data with the Encrypted File System (EFS), a new AIX(R) 6.1
security feature, and get a comprehensive picture on the configuration of EFS and
its usage. EFS can store the content of a file in an encrypted format at the file
system level. If you’re new to EFS, this article is a good starting point for
reviewing the need for EFS, its features, and most commonly used commands.
Articles | 29 Jan 2008

AIX NFS Version 4 configuration over Kerberos inter-realm setup
Learn how to configure an inter-realm setup between IBM(R) Network
Authentication Service (IBM NAS) and Microsoft(R) Active Directory for AIX(R)
Network File System (NFS) Version 4.
Articles | 08 Jan 2008

IBM Network Authentication Service KDC and administration servers discovery using LDAP for AIX
Implement effective ways to configure IBM(R) Network Authentication Service
(IBM NAS) with Lightweight Directory Access Protocol (LDAP) on AIX(R) to get the
maximum reliability and scalability in your Kerberos environment. This article shows
you different ways of setting up the dynamic, yet consistent, Kerberos environment.
Articles | 31 Dec 2007

Kerberos policy management in IBM Network Authentication Service for AIX Version 5.3
Use IBM(R) Network Authentication Service (IBM NAS) for AIX(R) to learn more
about the Kerberos policy management for passwords, and get acquainted with anything
and everything about IBM NAS policy. Also examine complete commands, examples, and
scenarios to assist you in using the Kerberos password policy to its fullest.
Articles | 11 Dec 2007

Accessing DFS and NFS V4 directories simultaneously
This article provides guidance to DCE or DFS users who are migrating
from DCE or DFS to Kerberos/NFS V4. During the
transition period, these users need to be authenticated and authorized to use both DFS
and NFS V4 directories. This article answers some basic questions, such as,
"Can the DCE authentication server be used as a Kerberos server for NFS V4 with a
Kerberos client?"
Articles | 04 Dec 2007

POSIX file capabilities: Parceling the power of root
Linux has been using capabilities for years, but has recently acquired POSIX
file capabilities. POSIX file capabilities split root user powers into smaller
privileges, such as the ability to read files or to trace processes owned by another
user. By assigning capabilities to a file, you can enable an unprivileged user to
execute the file with those specified privileges. In this article, learn how to
program using capabilities and how to switch on the ability of your system setuid
root binaries to use file capabilities.
Articles | 16 Oct 2007

Top ten AIX and UNIX articles and tutorials -- March 2007
See what AIX(R) and UNIX(R) content your peers found most valuable.
26 Apr 2007

Top ten AIX and UNIX articles and tutorials -- January 2007
See what AIX(R) and UNIX(R) content your peers find interesting.
14 Mar 2007

AIX 5L LDAP user management
Get an overview of the Lightweight Directory Access Protocol (LDAP)-related enhancements in the AIX 5L(TM) operating system V5.3 TL5 update. Some of the enhancements include support for Active Directory, multiple base distinguished name (DN) support, and extended base DN format.
Articles | 27 Dec 2006

Kerberos authentication for AIX Version 5.3 Network File System Version 4
Find out how to use application programming interfaces (APIs) when writing your own custom Kerberos-based authentication applications. Network File System Version 4 (NFS V4), the up and coming enterprise file system, uses the Kerberos security mechanism to address privacy, authentication, and integrity requirements. In this article, you'll examine different Kerberos credential cache name formats that AIX(R) NFS V4 supports and are required for authentication purposes. You'll also look at different methods of obtaining the Kerberos credential.
Articles | 05 Dec 2006

Secure Kerberized authentication on Solaris 10 using IBM AIX Version 5.3
Set up a Kerberized environment to work with Solaris(TM) 10 and learn how to configure a Key Distribution Center (KDC) on AIX(R) Version 5.3. You'll also run through a series of steps for configuring a Kerberos client on Solaris 10 to authenticate users for Telnet, remote shell (rsh), and Secure Shell (SSH) using AIX Version 5.3 as your KDC. Having a single IBM Network Authentication Service (NAS) KDC on AIX for authentication across different platforms is especially helpful in a hybrid environment.
Articles | 07 Nov 2006

Tunneling with SSH
Use open source tools, such as Secure Shell (SSH), PuTTY, and Cygwin, to create secure connections to almost any resource you need to access. Current information on SSH tunneling and setup is fragmented and limited to specific applications, or it is written at a system administrator's level. With increasing security needs, the addition of boundary firewalls, and tightening of the number of allowed network ports, users need a method that is simple to configure, easy to operate and, above all, secure to accomplish day-to-day tasks and access the services that they have become accustomed to. This article describes the setup of a simple SSH client connecting to an AIX(R)- or Linux(R)-based SSH server that gives a typical, technically literate individual the ability to set up, configure, and operate a flexible means of tunneling data and services over the SSH service.
Articles | 17 Oct 2006

Kerberized authentication of Windows Terminal Service
Discover how to configure the Microsoft(R) Windows(R) 2003 Server to authenticate Terminal Service users with the IBM Network Authentication Service (IBM NAS) Key Distribution Center (KDC) being hosted on their AIX(R) 5.3 system. Such a setup not only gives Kerberized authentication for Terminal Service users, but it also allows users to have uniform user IDs and passwords across AIX and Windows Server systems. It allows application developers to exploit the advantages of Kerberos interoperability between IBM NAS and Windows in Kerberized applications spanning across systems.
Articles | 22 Aug 2006

Take a closer look at OpenBSD
OpenBSD is quite possibly the most secure operating system on the planet. Every step of the
development process focuses on building a secure, open, and free platform. UNIX(R) and Linux(R)
administrators take note: Without realizing it, you probably use tools ported from OpenBSD every day.
Maybe it's time to give the whole operating system a closer look.
Articles | 08 Aug 2006

Secure communication with Kerberized OpenSSH on AIX Version 5.3 using Windows Kerberos service
Discover how you can configure the Kerberized Open Secure Shell (OpenSSH) on AIX(R) Version 5.3 machines that have Microsoft(R) Active Directory Server to act as the Key Distribution Center (KDC). OpenSSH encrypts traffic, including passwords, to eliminate eavesdropping, taking over your connection, or peeking into your data. If you work in a hybrid environment with multi-vendor solutions on AIX Version 5.3 systems, then you'll find this article extremely useful.
Articles | 13 Jun 2006

Network File System Version 4 security: Kerberos and LIPKEY mechanisms
Use the enriched security features of Network File System (NFS) Version 4 to pave your way to public key technology. In this article, you'll examine the NFS Version 4 built-in security schemes, and how to use the existing Kerberos authentication database in a LIPKEY security mechanism. You'll also find out how to take the first steps for a migration or extension from Kerberos to the LIPKEY security mechanism.
Articles | 26 Apr 2006

Get the latest version of OpenSSH for AIX
OpenSSH is a free software tool that supports SSH1 and SSH2 protocols. It's reliable and secure and is widely accepted in the IT industry to replace the r-commands, telnet, and ftp services, providing secure encrypted sessions between two hosts over the network. Get information in this article about OpenSSH version 3.4p1.
Articles | 10 Feb 2006

Secure applications with AIX 5L Version 5.2 and 5.3 using cryptographic APIs
Do you want your applications to have authenticity, integrity, and privacy services? The IBM AIX 5L(TM) Version 5.2 and Version 5.3 (AIX 5L) operating system now offers powerful cryptographic application programming interfaces (APIs) for developing a secure application. AIX 5L exports a set of powerful cryptographic APIs that address both symmetric as well as asymmetric key algorithms. These interfaces provide block and stream cipher algorithms and two crypto-secure hash algorithms: sign and/or verify and Diffie-Hellman key-exchange algorithms.
Articles | 27 Oct 2005

A comparison of security subsystems on AIX, Linux, and Solaris
Learn how to apply a strategy for implementing a single identification and authentication (I and A) framework across a heterogeneous, multi-platform environment. An I and A system provides a layer of abstraction between a user application and the implementation of any authentication or identification functions it needs to perform.
Articles | 13 Oct 2005

Configure DB2 Universal Database for UNIX to use OpenSSH
Prior to IBM DB2 UDB, Version 8.2.2, on UNIX, DB2 UDB implicitly relied on rsh as the remote shell mechanism when executing commands on remote DB2 nodes. This article describes how to configure OpenSSH 3.8p1 for use with a DB2 UDB version 8.2.2 or higher DPF instance.
Articles | 23 Jun 2005

Is your AIX environment secure?
Are you concerned about protecting your AIX system from intruders? The author describes ways to maintain system integrity and highlights security tools you can use to diagnose an AIX system and identify potential security lapses.
Articles | 20 Dec 2002

Securing AIX Network Services
In this online course, you'll gain a better understanding of the network services in AIX(R) and the impact each one has on system security. Use the information in this tutorial to achieve the right balance between functionality and security.
Tutorials | 12 Sep 2002

Deploying OpenSSH on AIX
Learn how to improve the security and integrity of your AIX(R) servers using network services provided by the OpenSSH implementation of the Secure Shell protocol.
Tutorials | 12 Sep 2002