canmove, Confirmed users
937
edits
Rolesandservices: Difference between revisions
→Authentication Policy
| Line 17: | Line 17: | ||
=== Authentication Policy === | === Authentication Policy === | ||
The NSS cryptographic module uses Role-Based Authentication to control access to the module. To perform sensitive services using the cryptographic module, an operator must explicitly request to assume the NSS User role by logging into the module, and perform an authentication procedure using information unique to that operator (individual password). Role-based authentication is used to safeguard a user's private key information. However, Discretionary Access Control (DAC) is used to safeguard all other NSS User information (e.g., the public key certificate database) | The NSS cryptographic module uses Role-Based Authentication to control access to the module. | ||
To gain access to the cryptographic module, an operator must first log into the operating system as an authorized user. On the Security Level 2 platforms (Red Hat Enterprise Linux 4 x86_64 and 64-bit Trusted Solaris 8 SPARC), the OS uses password authentication. Once an operator is authenticated by the OS, the authorized operator may assume the Crypto Officer role without further authentication. | |||
To perform sensitive services using the cryptographic module, an operator must explicitly request to assume the NSS User role by logging into the module, and perform an authentication procedure using information unique to that operator (individual password). Role-based authentication is used to safeguard a user's private key information -- this password is used to encrypt and decrypt the user's private key. However, Discretionary Access Control (DAC) is used to safeguard all other NSS User information (e.g., the public key certificate database). | |||
=== Clearing of Previous Authentications on Power Off === | === Clearing of Previous Authentications on Power Off === | ||