“main” (Installation and Administration) 2004/6/25 13:29 page 680 #706
To understand how this works, you need to know that when SASL authenticates a user, OpenLDAP forms a distinguished name from the name given to it by SASL (such as joe) and the name of the SASL flavor (GSSAPI). The result would be uid=joe,cn=GSSAPI,cn=auth.

If a saslRegexp has been configured, it checks the DN formed from the SASL information using the first argument as a regular expression. If this regular expression matches, the name is replaced with the second argument of the saslRegexp statement. The placeholder $1 is replaced with the substring matched by the (.*) expression.

More complicated match expressions are possible. If you have a more complicated directory structure or a schema in which the user name is not part of the DN, you can even use search expressions to map the SASL DN to the user DN.
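The mapping just described, worked through as an added example (this is illustrative code, not OpenLDAP's own implementation): it builds the SASL-derived DN, then applies saslRegexp-style rules in order, filling $1 from the matched group. The rules, the dc=example,dc=com suffix and the support for $1 through $9 are assumptions made for the example; a DN for which no rule matches is returned unchanged, which is why ACLs should also cover the unmapped cn=auth identities.

```python
import re

# Constructed sample rules in slapd.conf order: (regex on the SASL DN, replacement).
# The ou=people,dc=example,dc=com suffix is an assumption for this example.
# The regexes are anchored so a rule can only match a whole SASL DN.
SASL_REGEXP_RULES = [
    (r"^uid=(.*),cn=GSSAPI,cn=auth$", "uid=$1,ou=people,dc=example,dc=com"),
    (r"^uid=(.*),cn=DIGEST-MD5,cn=auth$", "uid=$1,ou=people,dc=example,dc=com"),
]


def sasl_auth_dn(user: str, mechanism: str) -> str:
    """Form the DN OpenLDAP derives from a SASL identity and mechanism,
    e.g. sasl_auth_dn("joe", "GSSAPI") -> "uid=joe,cn=GSSAPI,cn=auth"."""
    return f"uid={user},cn={mechanism},cn=auth"


def apply_sasl_regexp(sasl_dn: str, rules=SASL_REGEXP_RULES) -> str:
    """Apply saslRegexp rules in order; the first rule whose regex matches wins.
    $1..$9 in the replacement are filled from the regex's capture groups
    (an assumed generalisation of the $1 shown in the manual). DN values are
    compared case-insensitively. If no rule matches, the SASL DN is returned
    unchanged, so the user keeps the cn=auth identity."""
    for pattern, replacement in rules:
        m = re.match(pattern, sasl_dn, re.IGNORECASE)
        if m is None:
            continue

        def fill(placeholder):
            idx = int(placeholder.group(1))
            return m.group(idx) if idx <= len(m.groups()) else ""

        return re.sub(r"\$([1-9])", fill, replacement)
    return sasl_dn


def map_identity(user: str, mechanism: str) -> str:
    """Full path from SASL authentication to directory DN."""
    return apply_sasl_regexp(sasl_auth_dn(user, mechanism))


if __name__ == "__main__":
    print(map_identity("joe", "GSSAPI"))   # mapped to the ou=people entry
    print(map_identity("joe", "PLAIN"))    # no rule: stays uid=joe,cn=PLAIN,cn=auth
```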
26.7 Security and Confidentiality
One of the main characteristics of a Linux or UNIX system is its ability to handle several users at the same time (multiuser) and to allow these users to perform several tasks (multitasking) on the same computer simultaneously. Moreover, the operating system is network transparent. The users often do not know whether the data and applications they are using are provided locally from their machine or made available over the network.

With the multiuser capability, the data of different users must be stored separately. Security and privacy need to be guaranteed. Data security was already an important issue, even before computers could be linked through networks. Just like today, the most important concern was the ability to keep data available in spite of a lost or otherwise damaged data medium, a hard disk in most cases.

This section is primarily focused on confidentiality issues and on ways to protect the privacy of users, but it cannot be stressed enough that a comprehensive security concept should always include procedures to have a regularly updated, workable, and tested backup in place. Without this, you could have a very hard time getting your data back — not only in the case of some hardware defect, but also if the suspicion arises that someone has gained unauthorized access and tampered with files.