authorization

Authorization is the process of giving someone permission to do or have something. In multi-user computer systems, a system administrator defines for the system which users are allowed access to the system and what privileges of use (such as access to which file directories, hours of access, amount of allocated storage space, and so forth). Assuming that someone has logged in to a computer operating system or application, the system or application may want to identify what resources the user can be given during this session.

Thus, authorization is sometimes seen as both the preliminary setting up of permissions by a system administrator and the actual checking of the permission values that have been set up when a user is getting access.

Logically, authorization is preceded by authentication.

DeMilitarized Zone (DMZ)

A middle ground between an organization's trusted internal network and an untrusted, external network such as the Internet.

Enterprise JavaBeans (EJB)

A software component in Sun's Java EE platform, which provides a pure Java environment for developing and running distributed applications. EJBs inherently provide future scalability and also allow multiple user interfaces to be used.

Generic Security Service API (GSS-API)

A C API for distributed security services. Described in IETF RFC 2743.

Java Authentication and Authorization Service (JAAS)

A package that enables services to authenticate and enforce access controls upon users. It implements a Java version of the standard Pluggable Authentication Module (PAM) framework, and supports user-based authorization.

Java Cryptography Architecture (JCA)

An umbrella term from Sun for implementing security functions for the Java platform. It includes Sun's Java Security API as well as the Java Cryptography Extension (JCE), which adds more programming interfaces for encryption and key exchange. It also provides a mechanism for adding third-party security packages such as algorithms and digital signatures into Java applications.

Java DataBase Connectivity (JDBC)

A programming interface that lets Java applications access a database via the SQL language. Since Java interpreters (Java Virtual Machines) are available for all major client platforms, this allows a platform-independent database application to be written.

Kerberized application

A software application that requires or performs Kerberos authentication.

Kerberos

Kerberos is a secure method for authenticating a request for a service in a computer network. Kerberos was developed in the Athena Project at the Massachusetts Institute of Technology (MIT). The name is taken from Greek mythology; Kerberos was a three-headed dog who guarded the gates of Hades. Kerberos lets a user request an encrypted “ticket” from an authentication process that can then be used to request a particular service from a server. The user's password does not have to pass through the network.

Lightweight Directory Access Protocol (LDAP)

A software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet. LDAP is a “lightweight” version of Directory Access Protocol (DAP), which is part of X.500, a standard for directory services in a network. Netscape includes it in its latest Communicator suite of products. Microsoft includes it as part of what it calls Active Directory in a number of products including Outlook Express. Novell's NetWare Directory Services interoperates with LDAP. Cisco also supports it in its networking products.

Secure Sockets Layer (SSL)

The Secure Sockets Layer (SSL) is a commonly-used protocol for managing the security of message transmission on the Internet. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transport Control Protocol (TCP) layers. SSL is included as part of both the Microsoft and Netscape browsers and most Web server products. Developed by Netscape, SSL also gained the support of Microsoft and other Internet client/server developers, becoming the de facto standard until evolving into Transport Layer Security (TLS). The sockets part of the term refers to the sockets method of passing data back and forth between a client and a server program in a network or between program layers in the same computer. SSL uses the public/private key encryption system from RSA, which also includes the use of a digital certificate.

Simple and Protected GSS-API Negotiation Mechanism (SPNEGO)

A GSSAPI mechanism that allows the secure negotiation of the mechanism to be used by two different GSSAPI implementations. In essence, SPNEGO defines a universal but separate mechanism, solely for the purpose of negotiating the use of other security mechanisms. SPNEGO itself does not define or provide authentication or data protection, although it can allow negotiators to determine if the negotiation has been subverted, once a mechanism is established.

Single Sign-On (SSO)

An authentication process in a client/server relationship where the user, or client, can enter one name and password and have access to more than one application or access to a number of resources within an enterprise. Single sign-on removes the need for the user to enter further authentications when switching between applications.
