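AIX 6 Encrypted File System (EFS), Part 3: User management, part one
2008-09-06 08:20:10 Source: WEB开发网
In this part, we describe how the new encryption features are integrated into the various user management functions.
Defining users
Each time you create a new user, you must define his or her security-related information. Example 1 shows the user security attributes added to /etc/security/user.
Example 1. Some new user attributes added to the user security configuration file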
default:
admin = false
login = true
su = true
daemon = true
rlogin = true
sugroups = ALL
admgroups =
ttys = ALL
auth1 = SYSTEM
auth2 = NONE
tpath = nosak
umask = 022
expires = 0
SYSTEM = "compat"
logintimes =
pwdwarntime = 0
account_locked = false
loginretries = 0
histexpire = 0
histsize = 0
minage = 0
maxage = 0
maxexpired = -1
minalpha = 0
minother = 0
minlen = 0
mindiff = 0
maxrepeats = 8
dictionlist =
pwdchecks =
default_roles =
efs_keystore_access = file
efs_adminks_access = file
efs_initialks_mode = admin
efs_allowksmodechangebyuser = yes
efs_keystore_algo = RSA_1024
efs_file_algo = AES_128_CBC
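An added example, not part of the original article: a shell function that reads stanzas in the /etc/security/user format of the listing above and reports each user's effective value for the six efs_* attributes, falling back to the default stanza when the user's own stanza omits one. The function and variable names, the users alice and bob, and their attribute values are constructed for illustration.

```shell
# Added example: effective EFS attributes per user (not the article's own code).
EFS_ATTRS="efs_keystore_access efs_adminks_access efs_initialks_mode \
efs_allowksmodechangebyuser efs_keystore_algo efs_file_algo"
# Reads stanzas in /etc/security/user format on stdin and prints
# "user attribute value source"; source is user, default or unset.
efs_effective() {
    awk -v attrs="$EFS_ATTRS" '
    BEGIN { n = split(attrs, want, " ") }
    /^[ \t]*\*/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    /^[^ \t=]+:[ \t]*$/ {                      # stanza header, e.g. "default:"
        stanza = $1; sub(/:$/, "", stanza)
        if (stanza != "default" && !(stanza in seen)) { seen[stanza] = 1; users[++nu] = stanza }
        next
    }
    stanza != "" && index($0, "=") > 0 {       # "name = value" inside a stanza
        key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        set[stanza, key] = val
    }
    END {
        for (u = 1; u <= nu; u++) for (i = 1; i <= n; i++) {
            a = want[i]
            if ((users[u], a) in set)       { v = set[users[u], a]; src = "user" }
            else if (("default", a) in set) { v = set["default", a]; src = "default" }
            else                            { v = "-"; src = "unset" }
            print users[u], a, v, src
        }
    }'
}
# Constructed sample input: alice overrides two attributes, bob overrides none.
sample_user_file() {
    cat <<'EOF'
default:
    efs_keystore_access = file
    efs_adminks_access = file
    efs_initialks_mode = admin
    efs_allowksmodechangebyuser = yes
    efs_keystore_algo = RSA_1024
    efs_file_algo = AES_128_CBC

alice:
    efs_initialks_mode = guard
    efs_keystore_algo = RSA_2048

bob:
    admin = false
EOF
}
sample_user_file | efs_effective
```

To audit a real system, feed the function a copy of the file, for example `efs_effective < /etc/security/user`, and review the rows whose source is user, since those deviate from the site default.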
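To support these capabilities, new user security attributes were added, and six fields were added to the SMIT menus used for user management, as shown in Example 2.
Example 2. New fields added to the SMIT panel for creating users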
                                 Add a User

Type or select values in entry fields.
Press Enter AFTER making all desired changes.

[MORE...52]                                       [Entry Fields]
  Hard NPROC per user                            []                 #
  File creation UMASK                            [022]
  AUDIT classes                                  []                 +
  TRUSTED PATH?                                  nosak              +
  PRIMARY authentication method                  [SYSTEM]
  SECONDARY authentication method                [NONE]
  Projects                                       []                 +
  Keystore Access                                [file]             +
  Adminkeystore Access                           [file]             +
  Initial Keystore Mode                          [admin]            +
  Allow user to change Keystore Mode?            [yes]              +
  Keystore Encryption Algorithm                  [RSA_1024]         +
  File Encryption Algorithm                      [AES_128_CBC]      +
[BOTTOM]

F1=Help             F2=Refresh          F3=Cancel           F4=List
Esc+5=Reset         Esc+6=Command       Esc+7=Edit          Esc+8=Image
Esc+9=Shell         Esc+0=Exit          Enter=Do