Administrator's Guide

PAM Pluggable Authentication Module. An authentication framework that allows system administrators
to configure services for authentication, account management, session management, and password
management for HP-UX utilities, such as the system login utility.
Perfect Forward Secrecy (PFS) With Perfect Forward Secrecy, the compromise of one key exposes only the data protected by
that key; it does not help an attacker recover other keys, or the data those keys protect.
Pluggable Authentication Module
See PAM.
preshared key A cryptographic value agreed upon by two systems for encryption or authentication. The key is
exchanged before the systems begin communicating, typically out of band (for example, verbally or
face to face). See also shared key cryptography.
principal A person, system, device or other entity.
private key cryptography See shared key cryptography.
privilege A permission to perform an action on a computer system.
public key cryptography A cryptographic method using two mathematically related keys (for example, k1 and k2) such that
data encrypted with k1 can be decrypted only using k2. In addition, most algorithms provide
assurance that only the holder of k1 can correctly encrypt data that can be decrypted by k2.
One key must be private (known only to the owner), but the second key can be widely known
(public), which makes key distribution easy to manage. Public key encryption is computationally
expensive, so it is impractical for bulk data encryption. Instead, public key cryptography is usually
used to authenticate data (digital signatures) and to protect the symmetric keys that encrypt the bulk
data.
Also referred to as asymmetric key cryptography (the two keys are not the same) or public-private
key cryptography.
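The two-key relationship described in this entry, and the RSA encryption and signature operations described under RSA below, as an added example that is not part of the HP-UX guide. It is a toy RSA with tiny primes and no padding, so it is not a usable cryptosystem; it only makes visible that one exponent undoes the other, that the wrong key yields garbage, and that signing is the same modular operation applied with the private key. The function names and the sample primes are this example's own.

```python
"""Toy RSA: the public/private key relationship made visible.

Added example, not HP-UX code.  Primes are tiny and there is no
padding, so this must never be used to protect real data.
"""
import hashlib
from math import gcd


def keygen(p, q, e=17):
    """Build a key pair from two primes (assumed prime, toy sizes).

    Returns (public, private) as (e, n) and (d, n).  Recovering d from
    (e, n) requires factoring n, which is why the public half can be
    handed out freely while d stays with the owner.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def apply_key(m, key):
    """m ** exponent mod n.  Encrypt, decrypt, sign and verify are all
    this single operation, differing only in which key is used."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than n")
    return pow(m, exp, n)


def encrypt(m, public):
    """Privacy: anyone holding the public key can encrypt for its owner."""
    return apply_key(m, public)


def decrypt(c, private):
    """Only the matching private key recovers the plaintext."""
    return apply_key(c, private)


def sign(message, private):
    """Authentication: the owner applies the private key to a digest.
    The digest is reduced mod n only because the toy modulus is tiny."""
    _, n = private
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return apply_key(digest, private)


def verify(message, signature, public):
    """Anyone with the public key checks that the signature maps back
    to the digest of the message."""
    _, n = public
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return apply_key(signature, public) == digest


if __name__ == "__main__":
    pub, priv = keygen(61, 53)  # sample primes; n = 3233, d = 2753
    c = encrypt(42, pub)
    print("decrypt with private key:", decrypt(c, priv))  # 42
    print("decrypt with public key: ", decrypt(c, pub))   # not 42
    sig = sign(b"hello", priv)
    print("valid signature:   ", verify(b"hello", sig, pub))
    print("tampered signature:", verify(b"hello", (sig + 1) % 3233, pub))
```

The cost argument in the entry is also visible here: every operation is a modular exponentiation on the whole message, which is why real systems sign a digest and encrypt only a symmetric session key with RSA rather than the bulk data.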
public-private key cryptography See public key cryptography.
RADIUS The Remote Authentication Dial-In User Service (RADIUS) protocol is widely used to manage access to
network services. It defines a standard for information exchange between a network access device
and an authentication, authorization, and accounting (AAA) server for performing authentication,
authorization, and accounting operations. A RADIUS AAA server can manage user profiles for
authentication (verifying user name and password), configuration information that specifies the type
of service to deliver, and policies that restrict user access. The RADIUS protocol provides only the
framework for the authentication exchange and can be used with numerous authentication methods.
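The exchange between a network access device and an AAA server, as an added example that is not part of the HP-UX guide or of any HP-UX RADIUS implementation. It follows RFC 2865: the access device builds an Access-Request whose User-Password is hidden with the MD5-based scheme of section 5.2, the server recovers the password and answers Accept or Reject, and the access device checks the Response Authenticator (section 3), which only a server holding the same shared secret can produce. The user database, user name, password and shared secret are constructed for the example.

```python
"""Minimal RFC 2865 RADIUS exchange: access device (NAS) <-> AAA server.

Added example, not HP-UX code.  Both ends hold the same shared secret;
the NAS hides the User-Password under it and the server proves
possession of it through the Response Authenticator.
"""
import hashlib
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2  # attribute types (RFC 2865 section 5)

USERS = {b"alice": b"s3cret"}  # constructed sample user database
SECRET = b"testing123"         # constructed shared secret


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password, secret, request_authenticator):
    """RFC 2865 5.2: zero-pad to a 16-byte multiple, then XOR each block
    with MD5(secret || previous block), seeded by the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_authenticator
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block
    return out


def reveal_password(hidden, secret, request_authenticator):
    """Inverse of hide_password.  Trailing NUL bytes are padding and removed."""
    out, prev = b"", request_authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")


def _attributes(attrs):
    # Each attribute is Type(1) Length(1, includes these two bytes) Value.
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def parse_attributes(data):
    attrs = []
    while data:
        t, length = struct.unpack("!BB", data[:2])
        if length < 2 or length > len(data):
            raise ValueError("malformed attribute")
        attrs.append((t, data[2:length]))
        data = data[length:]
    return attrs


def build_access_request(identifier, username, password, secret, authenticator=None):
    """NAS side.  Packet = Code(1) Identifier(1) Length(2) Authenticator(16) attrs."""
    authenticator = authenticator or os.urandom(16)  # fresh per request
    attrs = _attributes([
        (USER_NAME, username),
        (USER_PASSWORD, hide_password(password, secret, authenticator)),
    ])
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs


def build_response(code, request, secret, attrs=b""):
    """Server side.  ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    response_auth = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return header + response_auth + attrs


def server_handle(request, secret, users):
    """Recover the password, check it against the user database, reply."""
    attrs = dict(parse_attributes(request[20:]))
    username = attrs.get(USER_NAME, b"")
    password = reveal_password(attrs.get(USER_PASSWORD, b""), secret, request[4:20])
    code = ACCESS_ACCEPT if users.get(username) == password else ACCESS_REJECT
    return build_response(code, request, secret)


def verify_response(request, response, secret):
    """NAS side.  Recompute the Response Authenticator; a forged or tampered
    reply, or one from a server with the wrong secret, returns None."""
    if len(response) < 20 or response[1] != request[1]:
        return None
    header, auth, attrs = response[:4], response[4:20], response[20:]
    expected = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return response[0] if auth == expected else None


if __name__ == "__main__":
    req = build_access_request(7, b"alice", b"s3cret", SECRET)
    resp = server_handle(req, SECRET, USERS)
    print("accept" if verify_response(req, resp, SECRET) == ACCESS_ACCEPT else "reject")
```

Two practitioner points fall out of the code: the password hiding is keyed only by the shared secret and an MD5 chain, so a weak secret on a network the attacker can observe exposes user passwords; and nothing in an Access-Request authenticates the NAS to the server, which is why RADIUS is normally confined to a management network or carried inside a tunnel.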
RBAC Role-Based Access Control. An HP-UX mechanism to provide fine-grained access to system resources,
commands, and system calls. Privileges are granted to roles rather than to individual users; a user
obtains privileges by being assigned to a role.
role A job function, within the context of an organization, with associated semantics regarding the
authority and responsibility given to users assigned to the role.
Role-Based Access Control See RBAC.
RSA Rivest, Shamir, and Adleman. Public-private key cryptosystem that can be used for privacy
(encryption) and authentication (signatures). For encryption, system A can send data encrypted with
system B's public key. Only system B's private key can decrypt the data. For authentication, system