ADSM-L

Security

1994-11-03 21:57:43
Subject: Security
From: "Paul L. Bradshaw" <pbradshaw AT VNET.IBM DOT COM>
Date: Thu, 3 Nov 1994 18:57:43 PST
The scheme is a dual authentication message passing scheme for the ADSM
authentication.  It is modeled after Kerberos, and each session generates
a new, unique key for that session.  So replaying a session stream will not
result in a signon to the server.  Session keys are encrypted multiple times
and are not open to spoofing as far as we know, and are only active for that
session while the session is active.  All password updates are encrypted with
the session key so those transactions cannot be captured either.  Admin
streams are also encrypted so user registrations with passwords cannot be
captured as well.

Data from a backup is sent over the network in the clear.  We have
requirements for data encryption and are looking into it, but it is not in
the base product today.  We are also looking into 3rd party authentication
systems such as Kerberos.

Hope this helps to answer your questions.

Paul Bradshaw
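
The replay-resistance property described in the message above, shown as an added illustration that is not part of the original post and is not ADSM's actual protocol: a generic mutual challenge-response in which each side contributes a fresh nonce and both derive a key used for one session only. The class names, node name, password, HMAC-SHA256 construction and key derivation are assumptions made for this example.

```python
import hashlib, hmac, secrets

def mac(key: bytes, label: bytes, *nonces: bytes) -> bytes:
    # Nonces are fixed-length (16 bytes), so plain concatenation is unambiguous.
    return hmac.new(key, label + b"".join(nonces), hashlib.sha256).digest()

def long_term_key(password: str) -> bytes:
    # Simplification for the example; a real system would use a slow, salted KDF.
    return hashlib.sha256(password.encode()).digest()

class Server:
    def __init__(self, passwords: dict):
        self.keys = {node: long_term_key(pw) for node, pw in passwords.items()}
        self.pending = {}  # node -> (client_nonce, server_nonce), consumed once

    def challenge(self, node: str, client_nonce: bytes):
        server_nonce = secrets.token_bytes(16)  # fresh for every session
        self.pending[node] = (client_nonce, server_nonce)
        return server_nonce, mac(self.keys[node], b"server", client_nonce, server_nonce)

    def sign_on(self, node: str, client_proof: bytes):
        nonces = self.pending.pop(node, None)  # a challenge can be answered only once
        if nonces and hmac.compare_digest(mac(self.keys[node], b"client", *nonces), client_proof):
            return mac(self.keys[node], b"session", *nonces)  # per-session key
        return None

class Client:
    def __init__(self, node: str, password: str):
        self.node, self.key = node, long_term_key(password)

    def hello(self) -> bytes:
        self.nonce = secrets.token_bytes(16)
        return self.nonce

    def respond(self, server_nonce: bytes, server_proof: bytes) -> bytes:
        expected = mac(self.key, b"server", self.nonce, server_nonce)
        if not hmac.compare_digest(expected, server_proof):
            raise ValueError("server failed to authenticate")  # the client checks the server too
        self.session_key = mac(self.key, b"session", self.nonce, server_nonce)
        return mac(self.key, b"client", self.nonce, server_nonce)

def demo():
    server, client = Server({"NODE1": "constructed-pw"}), Client("NODE1", "constructed-pw")
    c_nonce = client.hello()
    s_nonce, s_proof = server.challenge("NODE1", c_nonce)
    c_proof = client.respond(s_nonce, s_proof)
    session_key = server.sign_on("NODE1", c_proof)
    server.challenge("NODE1", c_nonce)  # replayed stream: server picks a new nonce
    return session_key == client.session_key, server.sign_on("NODE1", c_proof)
```

`demo()` returns `(True, None)`: the first sign-on yields matching session keys on both sides, and the replayed proof is rejected because it was computed over the previous session's server nonce.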