Object Signing - Netscape CONSOLE 6.0 - MANAGING SERVERS Manual

Managing servers with netscape console

Certificates and Authentication
keeping track of different passwords, tend to choose poor ones, and tend to write them down in obvious places. Administrators must keep track of a separate password database on each server and deal with potential security problems related to the fact that passwords are sent over the network routinely and frequently.

Solving this problem requires some way for a user to log in once, using a single password, and get authenticated access to all network resources that user is authorized to use—without sending any passwords over the network. This capability is known as single sign-on.

Both client SSL certificates and S/MIME certificates can play a significant role in a comprehensive single sign-on solution. For example, one form of single sign-on supported by Netscape products relies on SSL client authentication (see "Certificate-Based Authentication," which begins on page 244). A user can log in once, using a single password to the local client's private-key database, and get authenticated access to all SSL-enabled servers that user is authorized to use—without sending any passwords over the network. This approach simplifies access for users, because they don't need to enter passwords for each new server. It also simplifies network management, since administrators can control access by controlling lists of certificate authorities (CAs) rather than much longer lists of users and passwords.

In addition to using certificates, a complete single sign-on solution must address the need to interoperate with enterprise systems, such as the underlying operating system, that rely on passwords or other forms of authentication.

For information about the single sign-on support currently provided by Netscape products, see Single Sign-On Deployment Guide at the following URL:
http://developer.netscape.com/library/documentation/security/SSO/index.htm
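
The point above about controlling access through a list of CAs rather than lists of users and passwords, as an added example that is not part of the Netscape manual. It assumes the `openssl` command-line tool (not mentioned in the manual) is installed; every CA name, user name and file name is constructed. It also shows the consequence an administrator should keep in mind: adding a CA to the list admits every certificate that CA has issued.

```shell
#!/bin/sh
# Added illustration: the access decision is "does this client certificate
# chain to a CA on my trusted list?", not a per-user password lookup.
# All names below (Example Trusted CA, alice, mallory) are constructed.

make_ca() {        # $1 = file basename, $2 = CA common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue_client() {   # $1 = CA basename, $2 = client basename, $3 = user name
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 1 -out "$2.pem" 2>/dev/null
}

# Server-side check: succeed only if the certificate verifies against
# the administrator's list of trusted CA certificates.
is_authorized() {  # $1 = trusted CA list (PEM), $2 = client certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) && cd "$dir" || return 1
    make_ca trusted "Example Trusted CA"
    make_ca other   "Example Other CA"
    issue_client trusted alice   alice
    issue_client other   mallory mallory

    # Only "trusted" is on the list: alice is accepted, mallory is not.
    for user in alice mallory; do
        if is_authorized trusted.pem "$user.pem"; then
            echo "$user: accepted"
        else
            echo "$user: rejected"
        fi
    done

    # One line added to the CA list admits every user that CA has certified.
    cat trusted.pem other.pem > bundle.pem
    is_authorized bundle.pem mallory.pem &&
        echo "mallory: accepted once Example Other CA is on the list"
}

( demo )   # run in a subshell so the caller's working directory is unchanged
```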

Object Signing

Communicator and other Netscape products support a set of tools and technologies called object signing. Object signing uses standard techniques of public-key cryptography to let users get reliable information about code they download in much the same way they can get reliable information about shrink-wrapped software.

Most importantly, object signing helps users and network administrators implement decisions about software distributed over intranets or the Internet—for example, whether to allow Java applets signed by a given entity to use specific computer capabilities on specific users' machines.
Managing Servers with Netscape Console • December 2001
