Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
Secure Internet Services (SIS)
Chapter 8852
Secure Internet Services (SIS)
Secure Internet Services (SIS) provides network authentication and
authorization when it is used in conjunction with the HP DCE security
services, the HP Praesidium/Security Server, or other software products
that provide a Kerberos V5 Network Authentication Services
environment.
SIS was introduced as a separate product in HP-UX 10.20 with HP DCE.
The Praesidium/Security Server (P/SS) was added in HP-UX 10.30. It
was reconfigured as a part of Internet Services in HP-UX 11.0, using
Kerberos V5 Release 1.0. Kerberos V5 Beta 4 continues to be supported.
SIS provides secure replacements for the following Internet services,
ftp, remsh, rcp, rlogin, and telnet.
The main benefit of running SIS is that user authorization no longer
requires transmitting a password in a readable form over the network.
Additionally, when both systems are operating in a Kerberos V5-based
secure environment, the Secure Internet Services ensure that a local and
remote host are mutually identified to each other in a secure and trusted
manner and that the user is authorized to access the remote account.
For ftp/ftpd, rlogin/rlogind, and telnet/telnetd, the Kerberos V5
authentication involves sending encrypted tickets instead of a readable
password over the network to verify and identify the user. For
rcp/remshd and remsh/remshd, the secure versions of these services
ensure that the user is authorized to access the remote account.
NOTE None of the Secure Internet Services encrypts the session beyond what is
necessary to authorize the user or authenticate the service.
Thus, these services do not provide integrity checking or encryption
services on the data or on the remote sessions.
HP References Installing and Administering Internet Services.
sis (5).