Securing Applications With Identity Services, Part 1: Authentication
Written by an Open-SSO engineer.
Glenn Brunette, a Sun Solaris security advocate, has published new security docs:
The Hacker’s Choice, a well-known white-hat hacker site, has just compiled a large set of documents about host-based and network-based attacks.
This Sun BluePrints article demonstrates how the combination of the Solaris 10 Operating System and the UltraSPARC T1 processor can be used to create a high performance, secure Web site. It provides a brief overview of SSL technology, as well as an introduction to the Solaris Cryptographic Framework. Configuration details are included for common security applications, such as Apache, the Sun Java System Web Server, and secure Java technology applications, enabling these programs to utilize NCP and KSSL technology. A performance study of secure Web applications is also included.
Solaris 9 update 2 introduced a new framework that makes it possible to select, from a number of hash algorithms, the one used to compute the encrypted version of the passwords. Before that, the traditional crypt() routine was used, limiting the size of passwords to 8 characters and producing the famous 13-character string found in the /etc/shadow file.
The Solaris Pluggable Crypt Framework makes it possible to choose from 3 new algorithms, all allowing a maximal password size of 255 characters:
# cat /etc/security/crypt.conf
(…)
1 crypt_bsdmd5.so.1
2a crypt_bsdbf.so.1
md5 crypt_sunmd5.so.1
What are these libraries?
From the man pages: (more…)
BigAdmin published a complete overview of what Snort is and how to start configuring it. Not enough for production, but perfect for deciding whether to investigate further or not…
This download gives you access to more secure (read: larger keys) AES & Blowfish.
Playing with user_attr database
========================
Last Edited : 16/02/2005
This paper is meant to illustrate the new possibilities of the /etc/user_attr database. Up to Solaris 9, the database could be used to assign RBAC profiles, roles and authorizations to users as well as a default project.
3 new parameters are introduced as of Solaris 10.