BSD Authentication

BSD Authentication, otherwise known as BSD Auth, is an authentication framework and software API employed by OpenBSD and accompanying software such as OpenSSH. It originated with BSD/OS, and although the specification and implementation were donated to the FreeBSD project by BSDi, OpenBSD chose to adopt the framework in release 2.9. Pluggable Authentication Modules (PAM) serves a similar purpose on other operating systems such as Linux, FreeBSD and NetBSD.

BSD Auth performs authentication by executing scripts or programs as separate processes from the one requiring the authentication. This prevents the child authentication process from interfering with the parent except through a narrowly defined inter-process communication API, a technique inspired by the principle of least privilege and known as privilege separation. This behaviour has significant security benefits, notably improved fail-safeness of software, and robustness against malicious and accidental software bugs.^[1]

References

^ Niels Provos; Markus Friedl; Peter Honeyman (2003). "Preventing Privilege Escalation". Proceedings of the 12th USENIX Security Symposium. pp. 231–242.

External links

authenticate(3): simplified interface to the BSD Authentication system – OpenBSD Library Functions Manual
auth_subr(3): interface to the BSD Authentication system – OpenBSD Library Functions Manual

This computer-library-related article is a stub. You can help Wikipedia by expanding it.

This Unix-related article is a stub. You can help Wikipedia by expanding it.

[privsep-1] Niels Provos; Markus Friedl; Peter Honeyman (2003). "Preventing Privilege Escalation". Proceedings of the 12th USENIX Security Symposium. pp. 231–242.

[1]

v t e Authentication
Authentication APIs	BSD Authentication (BSD Auth) eAuthentication (eAuth) Generic Security Services API (GSSAPI) Java Authentication and Authorization Service (JAAS) Pluggable Authentication Modules (PAM) Simple Authentication and Security Layer (SASL) Security Support Provider Interface (SSPI) XCert Universal Database API (XUDA)
Authentication protocols	ACF2 Authentication and Key Agreement (AKA) CAVE-based authentication Challenge-Handshake Authentication Protocol (CHAP) MS-CHAP Central Authentication Service (CAS) CRAM-MD5 Diameter Extensible Authentication Protocol (EAP) Host Identity Protocol (HIP) IndieAuth Kerberos LAN Manager NT LAN Manager (NTLM) OAuth OpenID OpenID Connect (OIDC) Password-authenticated key agreement protocols Password Authentication Protocol (PAP) Protected Extensible Authentication Protocol (PEAP) Remote Access Dial In User Service (RADIUS) Resource Access Control Facility (RACF) Secure Remote Password protocol (SRP) TACACS Woo–Lam
Category Commons

BSD Authentication

See also

References

External links

Wikious

Boobota

Sagapedia