System security provides the means to manage various users and groups and to implement access and privilege controls against operating system resources. AIX allows you to install, configure and deploy security mechanisms in the base operating system. It also provides a variety of authentication mechanisms to protect the system against unauthorized access.
An AIX administrator can manage Kerberos-authenticated users and their associated Kerberos principals.
PKI certificate-based authentication
Certificate Authentication Service provides the AIX operating system with the ability to authenticate users using X.509 public key infrastructure (PKI) certificates and to associate certificates with processes as proof of a user's identity.
The Lightweight Directory Access Protocol (LDAP) method is used to allow centralized security authentication as well as access to user and group information. This functionality is intended to be used as a centralized, global repository to keep authentication, user, and group information common across multiple hosts.
Pluggable authentication module (PAM) infrastructure
The pluggable authentication module (PAM) framework provides system administrators with the ability to incorporate multiple authentication mechanisms into an existing system through the use of pluggable modules. Applications enabled to make use of PAM can be plugged into new technologies without modifying the existing applications.
Enterprise Identity Mapping (EIM)
Today's network environments are made up of complex groups of systems and applications, resulting in the need to manage multiple user registries. Dealing with multiple user registries quickly grows into a large administrative problem that affects users, administrators and application developers. EIM can help.
It is essential in a server environment that the system activities log be set up to monitor for unauthorized access. The AIX auditing subsystem enables the system administrator to record security-relevant information, which can be analyzed to detect potential and actual violations of the system security policy.
Additional AIX Security Tools on IBM eServer™ pSeries, IBM RS/6000 and SP/Cluster
This Redbook describes additional tools and techniques you can use to enhance the security of your pSeries environment.