Exu - A System for Secure Delegation of Authority on an Insecure Network
作者: Michael Grubb , Karl Ramm
DOI:
关键词: Authentication 、 Audit 、 setuid 、 Access control 、 Computer science 、 Kerberos 、 Task (project management) 、 Computer security
摘要: Administration of a large and complex system poses several problems: Usually, some tasks must be delegated due to lack qualified or trusted staff, automated. In many cases, parts the task might need special credentials, such as Kerberos tickets AFS tokens, that may not necessarily easily available person executing task. The problem is most systems divide users into two groups: haves have nots, provide no mechanism for finer-grained access control. addition, executed carefully recorded possible later auditing. Earlier solutions, setuid bit, Moira, ADM, sysctl, can used accomplish this, either in limited dangerous (in case setuid) fashion. Exu proposes solve via secure, authenticated connection server with full authentication cause things happen real time.
参考文章(5)
Christine Lombardi, Salvatore DeSimone, Sysctl: A Distributed System Control Package usenix large installation systems administration conference. pp. 131- 143 ,(1993)
Daniel E. Geer, Mark A. Rosenstein, Peter J. Levine, The Athena Service Management System. USENIX Winter. pp. 203- 211 ,(1988)
Don E. Libes, Using Expect to Automate System Administration Tasks ,(1990)
John K. Ousterhout, Tcl: An Embeddable Command Language USENIX Winter. pp. 133- 146 ,(1989)
Clifford Neuman, Jennifer G. Steiner, Athena, Jeffrey I. Schiller, Kerberos: An Authentication Service for Open Network Systems USENIX Winter. pp. 191- 202 ,(1988)