HP CIFS Server Administrator's Guide Version A.03.01.02 (5900-1766, September 2011)

Glossary
A
ACL Access Control List, meta-data that describes which users are allowed access to file data and
what type of access is granted to that data. ACLs define "access rights." In this scheme, users
typically belong to "groups," and groups are given access rights as a whole. Typical types of
access rights are read (list), write (modify), or create (insert). Different file systems have varying
levels of ACL support and different file systems define different access rights. For example, DOS
has only one set of rights for a file (since only one user is considered to use a DOS system). A
POSIX 6-compliant file system allows multiple rights to be assigned to multiple files and directories
for multiple users and multiple groups of users.
ASP Application service provider, an e-business that essentially "rents" applications to users.
Authentication Scheme to ensure that a user who is accessing file data is indeed the intended user. A secure
networked file system uses authentication to prevent access occurring from someone pretending
to be the intended user.
Authorization Ensures that a user has access only to file system data that the user has the right to access. Just
because a user is authenticated does not mean he or she should be able to read or modify any
file. In the simplest form of authorization, users are given read or modify permissions to individual
files and directories in a file system, through the use of access control information (called an
Access Control List, or ACL).
C
CIFS Common Internet File System, a specification for a file access protocol designed for the Internet.
Credential A piece of information that identifies a user. A credential may be as simple as a number that is
uniquely associated with a user (like a social security number), or it may be complicated and
contain additional identifying information. A strong credential contains proof, sometimes called
a verifier, that the user of the credential is indeed the actual user the credential identifies.
HP CIFS Hewlett-Packard's implementation of CIFS for UNIX. HP CIFS provides both server and client
modules for both HP 9000 servers and workstations.
D
Diffie-Hellman A protocol used to securely share a secret key between two users. Diffie-Hellman protocol uses
a form of public key exchange to share the secret key. Diffie-Hellman is known to be susceptible
to an interceptor's attack, but authenticated Diffie-Hellman Key Agreement, a later enhancement,
prevents such a middle-person attack.
E
Encryption Encryption ensures that data is viewable only by those who possess a secret (or private) key.
Encrypted data is meaningless unless the secret key is used to decrypt the data. Encryption and
decryption of data is called ciphering.
I
Integrity Integrity ensures that file system data is not modified by an intruder. An intruder cannot intercept
a file system data packet and modify it without the network file system discovering and rejecting
the tampering.
K
Kerberos An authentication and authorization security system developed by MIT and the IETF working
group. It is based on secret key technology, and is generally easier to manage than a public key
infrastructure because of its centralized design. However, Kerberos is not as scalable as a public
key infrastructure.