CONTENTS
X/Open Single Sign-on Service (XSSO) -<br> Pluggable Authentication Modules
X/Open Single Sign-on Service (XSSO) -
Pluggable Authentication Modules
Copyright © 1997 The Open Group
Preliminary Specification
X/Open Single Sign-on Service (XSSO) - Pluggable Authentication Modules
X/Open Document Number: P702
ISBN: 1-85912-144-6
Frontmatter
Preface
The Open Group
The Development of Product Standards
Open Group Publications
Versions and Issues of Specifications
Corrigenda
Ordering Information
This Document
Typographical Conventions
Trademarks
Acknowledgements
Referenced Documents
Introduction to Single Sign-on
Scope of XSSO
Functional Objectives
User Sign-on Interface
Account Management Interface
Non-functional Objectives
Security Objectives
Out of Scope - End-user Sign-on Interface
Out of Scope - Account Administration Interface
Conformance
XSSO (Base) Conformance
PAM Application Programming Interface Conformance
PAM System Programming Interface Conformance
PAM Module Conformance
XSSO Architecture
XSSO Single Sign-on Model
XSSO Account Management Model
XSSO Sign-on Services
XSSO Sign-on Service Structure
PAM Service Overview
PAM-API
PAM Framework Layer Functions
Authentication Functions
Account Management Functions
Session Management Functions
Password Management Functions
Mapping Functions
PAM-SPI
Authentication Module Functions
Account Management Module Functions
Session Management Module Functions
Password Management Module Functions
Mapping Module Functions
PAM Configuration
Models of Primary and Secondary Sign-on
Primary Sign-on
Secondary Sign-on
Single Sign-on to Local Application Domain
Single Sign-on to Distributed Domain
Single Sign-on to Remote Local Service
Single Sign-on to Remote Distributed Service
Parameter Passing Conventions in PAM
Structured Data Types
Messages
Call Back Information
Opaque Data Types
Status Values
PAM Status Codes
Constants
Flags
Item_type
PAM Configuration Entry Constants
Service Name
Module Type
Control Flags
Module Path
Options
PAM - Application Program Interface (API)
pam_acct_mgmt()
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_authenticate()
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_authenticate_secondary()
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_chauthtok()
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_close_session()
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_end
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_get_data
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_getenv
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_getenvlist
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_get_item
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_get_mapped_authtok()
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_get_mapped_username()
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_get_user
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_open_session()
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_putenv
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_setcred()
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_set_data
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_set_item
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_set_mapped_authtok()
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_set_mapped_username()
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_sm_acct_mgmt()
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_sm_authenticate()
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_sm_authenticate_secondary()
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_sm_chauthtok()
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_sm_close_session()
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_sm_get_mapped_authtok()
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_sm_get_mapped_username()
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_sm_open_session()
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_sm_set_mapped_authtok()
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_sm_set_mapped_username()
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_sm_setcred
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_start
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
pam_strerror()
NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
Example Header Files
PAM_APPL.H
PAM_MODULE.H
PAM Configuration Administration
Mapping Service Configuration
Module Option Parameters
Additional PAM Options
Internationalization
Introduction
Single System Codesets
Usernames
Passwords
Proposed Solution
Smart Cards
XSSO Account Management Services
Scope of XSSO Account Management
XBSS Functional Requirements
Account-level Policy
System-level Policy
Basic Functional Requirements
Account Management Authorities
Common Core Account Attributes
Management of Account Information for Multiple Services
Registry of Domain Types
XSSO Account Management Implementation Considerations
Mapping of Administrative Authorities to XSSO UAM Agents
XSSO Management Information Base Initialization
Glossary
access control
access control information
access control policy
accountability
ACI
ACL
action
active threat
administrative security information
API
assertion
audit
audit authority
audit trail
authenticated identity
authentication
authentication certificate
authentication exchange
authentication information (AI)
authentication initiator
authentication method
authorization
authorization policy
availability
claim authentication information
clear text
client-server
confidentiality
contextual information
corporate security policy
countermeasure
credentials
data integrity
data origin authentication
denial of service
digital fingerprint
digital signature
discretionary access control
distinguishing identifier
distributed application
exchange authentication information
identification
identity-based security policy
initiator
integrity
masquerade
non-discretionary access control
off-line authentication certificate
on-line authentication certificate
operational security information
organizational security policy
password
peer-entity authentication
physical security
platform domain
policy
primary service
principal
privacy
quality of protection
repudiation
rule-based security policy
seal
secondary discretionary disclosure
secret key
secure association
secure context
secure interaction policy
security architecture
security attribute
security audit
security audit trail
security auditor
security aware
security certificate
security domain
security event manager
security label
security policy
security service
security state
security token
security unaware
service domain
signature
strength of mechanism
system security function
target
threat
trap door
trojan horse
trust
trusted computing base (TCB)
trusted functionality
trusted path
trusted third party
verification AI
verifier
vulnerability
INDEX
Why not acquire a nicely bound hard copy?
Click here
to return to the publication details or order a copy of this publication.
AltStyle
によって変換されたページ
(->オリジナル)
/
アドレス:
モード:
デフォルト
音声ブラウザ
ルビ付き
配色反転
文字拡大
モバイル