Networked authentication mechanisms inherently benefit sysadmins by providing one true location for creating and managing information about your users. Similarly, networked authentication mechanisms can enhance login security by centralizing authentication checks on secure servers and can provide other organizational benefits, such as encrypted network communications and providing login information for different operating systems, not just your Linux machines. So what are the alternatives? As explained in this chapter, flexible authentication mechanisms such as Pluggable Authentication Modules ( PAMs) enable the login sequence to invoke multiple security checks, beyond just a password, to help minimize the chances of unauthorized logins. Unfortunately, this strategy addresses only one aspect of authentication and has the nasty side effect of causing most people to write down their passwords, since only The Amazing Kreskin could remember them. Many organizations try to secure logins simply by assigning passwords that look like line noise or TECO commands. Let’s face it-by design, anyone with physical or network access to a login prompt on one of your machines usually has a few chances to try to crack someone’s login and password in order to gain access. After locking down networks and systems to minimize the number of opportunities intruders have to access your machines (as discussed elsewhere in this book), providing secure mechanisms to enable users to log in on your machines is critical to their security.
Security is a primary concern of any sysadmin, especially in today’s completely connected network environments.
0 kommentar(er)
