AIXV6.1新特性介绍讲解材料.pptVIP

说明 application WPAR 的文件结构 Hospital and roles Many nurses could be having nurse role ================================================================= Authorizations Authorization（授权）是一个文本串，关联到安全相关的功能或者命令。Authorization 提供了这样的机制：授权用户执行特权行为，提供不同级别的功能给不同类别的用户。Authorization 被分派到 roles。当由某个 authorization 管理的命令被执行时，只有当用户具有需要的 authorization 时，系统才授予他访问。因此，authorization 可以被看成是一个能解开一个或者多个命令的钥匙。 ================================================================= Roles RBAC 引入了 role session（角色时间）的概念。 Enhanced RBAC allows a user to choose to activate a role session for any roles that they have been assigned. By default, none of the users roles are active at login, giving the user the ability to activate the role that is required for the currently activity. Roles have further been enhanced to support the requirement that the user must authenticate before activating the role. This authentication requires the user’s login password to be authenticated before one of the user’s assigned roles may be activated. This authorization enhancement aids in protection of an attacker taking over a user session since the attacker would still need to then authenticate by entering the user’s login password to activate the users roles. ========================================================== Privileges，特权 引入特权命令是为了实现“最小特权原则”。最小特权原则是这样一种方法论：分派给用户完成任务所需要的最小权限。 ========================================================== Roles、authorizations、privileged commands 之间的关系 Role 可以包括多个 authorizations，一个 authorization 可以分派给不同的 role。一个 authorization 可以包括多个 privileged commands，一个 privileged command 可以被分派给多个 authorizations。 House and safe inside the house Museum and various exhibits The AIX Security Expert was introduced with Technology Level 5 update to the AIX 5L V5.3 OS, and provides clients with the capability to manage more than 300 system security settings from a single interface. The AIX Security Expert has been enhanced in AIX 6 with an option to store security templates directly in a Lightwei