skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Layering central authentication on existing distributed system terminal services: Revision 2

Abstract

Provision of terminal service in a distributed system requires mechanisms to logon and logoff as well as to move textual data between the terminal and remote host. Logon occurs in most distributed systems subsequent to the establishment of a terminal session by means of host specific logon procedures. However, in a distributed system of any size, this approach leads to security and password management problems. When the distributed system is centrally administered, these problems can be rectified through the use of a central authentication service that presents a common logon interface to the user for all distributed system hosts. Normally, central authentication is provided by either initially designing it into a distributed system or supporting it through the modification of distributed system and host operating system software. As an alternative strategy, central authentication can be layered onto existing terminal services. This approach suggests itself when a large installed base of computer systems that do not support central authentication already exists. Work to assess the feasibility of this approach was carried out. The results demonstrate that layering can be used in certain circumstances to provide central authentication services, although, as a result, the concomitant maintenance costs may increase. It was alsomore » determined what terminal service features are necessary so that central authentication is easily layered on existing terminal services. Recommendations are made concerning how to structure terminal services in a distributed system to support an integrated central authentication service. 15 refs., 5 figs.« less

Authors:
Publication Date:
Research Org.:
Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)
OSTI Identifier:
6163977
Report Number(s):
UCRL-96080-Rev.2; CONF-890536-1-Rev.2
ON: DE89001814
DOE Contract Number:  
W-7405-ENG-48
Resource Type:
Conference
Resource Relation:
Conference: Symposium on security and privacy, Oakland, CA, USA, 1 May 1989; Other Information: Portions of this document are illegible in microfiche products
Country of Publication:
United States
Language:
English
Subject:
99 GENERAL AND MISCELLANEOUS//MATHEMATICS, COMPUTING, AND INFORMATION SCIENCE; COMPUTER ARCHITECTURE; SECURITY; COMPUTER OUTPUT DEVICES; 990220* - Computers, Computerized Models, & Computer Programs- (1987-1989)

Citation Formats

Nessett, D. M. Layering central authentication on existing distributed system terminal services: Revision 2. United States: N. p., 1988. Web. doi:10.1109/SECPRI.1989.36303.
Nessett, D. M. Layering central authentication on existing distributed system terminal services: Revision 2. United States. doi:10.1109/SECPRI.1989.36303.
Nessett, D. M. Tue . "Layering central authentication on existing distributed system terminal services: Revision 2". United States. doi:10.1109/SECPRI.1989.36303. https://www.osti.gov/servlets/purl/6163977.
@article{osti_6163977,
title = {Layering central authentication on existing distributed system terminal services: Revision 2},
author = {Nessett, D. M.},
abstractNote = {Provision of terminal service in a distributed system requires mechanisms to logon and logoff as well as to move textual data between the terminal and remote host. Logon occurs in most distributed systems subsequent to the establishment of a terminal session by means of host specific logon procedures. However, in a distributed system of any size, this approach leads to security and password management problems. When the distributed system is centrally administered, these problems can be rectified through the use of a central authentication service that presents a common logon interface to the user for all distributed system hosts. Normally, central authentication is provided by either initially designing it into a distributed system or supporting it through the modification of distributed system and host operating system software. As an alternative strategy, central authentication can be layered onto existing terminal services. This approach suggests itself when a large installed base of computer systems that do not support central authentication already exists. Work to assess the feasibility of this approach was carried out. The results demonstrate that layering can be used in certain circumstances to provide central authentication services, although, as a result, the concomitant maintenance costs may increase. It was also determined what terminal service features are necessary so that central authentication is easily layered on existing terminal services. Recommendations are made concerning how to structure terminal services in a distributed system to support an integrated central authentication service. 15 refs., 5 figs.},
doi = {10.1109/SECPRI.1989.36303},
journal = {},
number = ,
volume = ,
place = {United States},
year = {1988},
month = {10}
}

Conference:
Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.

Save / Share: