Select two correct statements about the authentication services available in Oracle Solaris 11.
A. Pluggable Authentication Modules (PAM) is used to control the operation of services such as console logins and ftp.
B. The Secure Shell can be configured to allow logins across a network to remote servers without transmitting passwords across the network.
C. Secure Remote Procedure Calls (Secure RPC) provides a mechanism to encrypt data on any IP Socket connection.
D. Pluggable Authentication Modules (PAM) is used to implement the Secure Shell in Oracle Solaris 11.
E. Simple Authentication and Security Layer (SASL) provides a mechanism to authenticate and encrypt access to local file system data.
Explanation:
A: Pluggable Authentication Modules (PAM) are an integral part of the
authentication mechanism for Solaris. PAM gives system administrators the ability and
flexibility to choose any authentication service available on a system to perform end-user
authentication.
By using PAM, applications can perform authentication regardless of what authentication method
is defined by the system administrator for the given client.
PAM enables system administrators to deploy the appropriate authentication mechanism for each
service throughout the network. System administrators can also select one or multiple
authentication technologies without modifying applications or utilities. PAM insulates application
developers from evolutionary improvements to authentication technologies, while at the same time
allowing deployed applications to use those improvements.
PAM employs run-time pluggable modules to provide authentication for system entry services.
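How per-service control looks in practice, as an added example (not from the original page or Oracle's code): a small Python parser for the pam.conf(4) line format that resolves which module stack applies to a service, including the fallback to the `other` entries. The sample configuration and the function names are constructed for illustration.

```python
# Added example: resolve which PAM module stack applies to a service.
# pam.conf(4) line format: service_name module_type control_flag module_path [options]
from collections import defaultdict

# Constructed sample configuration for illustration (not copied from a real system).
SAMPLE_PAM_CONF = """\
# console/terminal logins
login  auth    requisite   pam_authtok_get.so.1
login  auth    required    pam_unix_cred.so.1
login  auth    required    pam_unix_auth.so.1
login  auth    required    pam_dial_auth.so.1
# ftp tries Kerberos first, then local accounts
ftp    auth    requisite   pam_authtok_get.so.1
ftp    auth    sufficient  pam_krb5.so.1
ftp    auth    required    pam_unix_auth.so.1
# default for any service without its own entries
other  auth    requisite   pam_authtok_get.so.1
other  auth    required    pam_unix_auth.so.1
other  account required    pam_unix_account.so.1
"""

MODULE_TYPES = {"auth", "account", "session", "password"}


def parse_pam_conf(text):
    """Return {(service, module_type): [(control_flag, module, options), ...]} in file order."""
    stacks = defaultdict(list)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4 or fields[1] not in MODULE_TYPES:
            raise ValueError(f"line {lineno}: malformed entry: {raw!r}")
        service, mtype, flag, module, *options = fields
        stacks[(service, mtype)].append((flag, module, options))
    return dict(stacks)


def effective_stack(stacks, service, module_type):
    """Stack for a service; services with no entries of this type use 'other'."""
    return stacks.get((service, module_type)) or stacks.get(("other", module_type), [])


if __name__ == "__main__":
    stacks = parse_pam_conf(SAMPLE_PAM_CONF)
    for svc in ("login", "ftp", "cron"):
        print(svc, [f"{flag}:{mod}" for flag, mod, _ in effective_stack(stacks, svc, "auth")])
```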
E: The Simple Authentication and Security Layer (SASL) is a method for
adding authentication support to connection-based protocols.
Simple Authentication and Security Layer (SASL) is a framework for authentication and data
security in Internet protocols. It decouples authentication mechanisms from application protocols,
in theory allowing any authentication mechanism supported by SASL to be used in any application
protocol that uses SASL. Authentication mechanisms can also support proxy authorization, a
facility allowing one user to assume the identity of another. They can also provide a data security
layer offering data integrity and data confidentiality services. DIGEST-MD5 is an example of
a mechanism that can provide a data-security layer. Application protocols that support SASL
typically also support Transport Layer Security (TLS) to complement the services offered by SASL.
Reference: softpanorama.org, Solaris PAM
I think answers A and B are correct
Would go for B and E.
B) SSH can be used to authenticate without transmitting passwords using AuthorizedKeys.
E is wrong. SASL provides authentication and security services to network protocols not to local file system data.
Agree, C and D also wrong answers, but the A and are true.
A and B look to be correct. You can use ssh-agent to log in to a remote host without a password.
A: is correct without a doubt.
C & E: I find to be false, those 2 auth. services don’t provide those mechanisms.
D: I would choose it but the statement is a bit tricky. Yes, Secure Shell uses PAM to authenticate users. I don’t like the way option D puts it, so I’d rather go for B instead.
A & B answers.
Would I be wrong to put ‘C’ in the mix as well, due to the ff statement:
Secure RPC (Remote Procedure Call) protects remote procedures with an authentication mechanism. The Diffie-Hellman authentication mechanism authenticates both the host and the user who is making a request for a service. The authentication mechanism uses Data Encryption Standard (DES) encryption. Applications that use Secure RPC include NFS and the NIS naming service.
A&B
C is wrong because RPC is not an IP socket connection but NFS and naming service.
D is wrong because PAM is not for SSH but pluggable connections like ftp, telnet and login.
E also is wrong because SASL provides authentication and security services to network protocols, and not local files.
A B