System configuration

For all of the secure rcmds, a system-level configuration mechanism determines which authentication methods are allowed for that system. The configuration controls both outgoing and incoming connections.

The authentication configuration consists of the libauthm.a library and the lsauthent and chauthent commands, that provide command line access to the get_auth_methods and set_auth_methods library routines.

The authentication method defines which method is used to authenticate a user across a network. The system supports the following authentication methods:

• Kerberos Version 5 is the most common method, as it is the basis for DCE.
• Kerberos Version 4 is used only by the rlogin, rsh, and rcp secure rcmds. It is provided to support compatibility with earlier versions only on SP systems. A Kerberos Version 4 ticket is not upgraded to DCE credentials.

If more than one authentication method is configured and the first method fails to connect, the client attempts to authenticate using the next authentication method configured.

Authentication methods can be configured in any order. The only exception is that standard AIX must be the final authentication method configured, because there is no fallback option. If standard AIX is not a configured authentication method, password authentication is not attempted and any connection attempt using this method is rejected.

You can also configure the system without any authentication methods. In this case, the system refuses all connections from and to any system using secure rcmds. Also, because Kerberos Version 4 is only supported with the rlogin, rsh, and rcp commands, a system configured to use only Kerberos Version 4 does not allow connections using telnet or FTP.