BSD Authentication

BSD Authentication, otherwise known as BSD Auth, is an authentication framework and software API employed by OpenBSD and accompanying software such as OpenSSH. It originated with BSD/OS, and although the specification and implementation were donated to the FreeBSD project by BSDi, OpenBSD chose to adopt the framework in release 2.9. Pluggable Authentication Modules (PAM) serves a similar purpose on other operating systems such as Linux, FreeBSD and NetBSD.

BSD Auth performs authentication by executing scripts or programs as separate processes from the one requiring the authentication. This prevents the child authentication process from interfering with the parent except through a narrowly defined inter-process communication API, a technique inspired by the principle of least privilege and known as privilege separation. This behaviour has significant security benefits, notably improved fail-safeness of software, and robustness against malicious and accidental software bugs.
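The separate-process pattern described above can be sketched in portable POSIX C. This is an added example, not OpenBSD's BSD Auth code or API: the function names, the `authorize`/`reject` verdict strings and the sample credentials are assumptions made for illustration, and the child here is only forked, whereas BSD Auth executes a separate program. The parent accepts a login only on an exact positive verdict from a cleanly exited child, so a crash in the checker fails closed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

typedef int (*checker_fn)(const char *user, const char *secret);

/* Hypothetical checker standing in for a login program (constructed credentials). */
static int demo_checker(const char *user, const char *secret) {
    return strcmp(user, "alice") == 0 && strcmp(secret, "correct horse") == 0;
}

/* Simulates a bug in the authentication code: the child dies before answering. */
static int crashing_checker(const char *user, const char *secret) {
    (void)user; (void)secret;
    abort();
}

/* Parent side: run the checker in a child and read a one-line verdict from a pipe. */
int authenticate(checker_fn check, const char *user, const char *secret) {
    int fds[2], status;
    if (pipe(fds) == -1) return 0;
    pid_t pid = fork();
    if (pid == -1) { close(fds[0]); close(fds[1]); return 0; }
    if (pid == 0) {                       /* child: its only output is the verdict */
        close(fds[0]);
        const char *msg = check(user, secret) ? "authorize\n" : "reject\n";
        _exit(write(fds[1], msg, strlen(msg)) < 0 ? 1 : 0);
    }
    close(fds[1]);
    char buf[32] = {0};
    ssize_t n = read(fds[0], buf, sizeof(buf) - 1);
    close(fds[0]);
    if (waitpid(pid, &status, 0) == -1) return 0;
    /* Fail closed: no verdict, a signal, or a non-zero exit all mean "denied". */
    if (n <= 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) return 0;
    return strcmp(buf, "authorize\n") == 0;
}

int main(void) {
    printf("valid:   %d\n", authenticate(demo_checker, "alice", "correct horse"));
    printf("invalid: %d\n", authenticate(demo_checker, "alice", "guess"));
    printf("crash:   %d\n", authenticate(crashing_checker, "alice", "x"));
    return 0;
}
```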


See also

* Name Service Switch

