Identification And Authentication; Authorization And Access Control; Roles; Security Auditing - Novell CLIENT FOR LINUX 1.2 - ADMINISTRATION Manual

6.3.1 Identification and Authentication

This product uses X-Tier to authenticate users via user identity information stored in eDirectory and
resource authorization and access control provided by eDirectory. The product takes a user name
and password supplied directly by the user and transfers that information to X-Tier for use within its
supported authentication mechanisms (via X-Tier's plug-in authentication module architecture). If
configured to do so, this product will authenticate (using PAM NAM (LUM)) to eDirectory through
SSL and LDAP Simple Bind Protocol.
This product does not itself authenticate to another product, system or service. No portion of this
product authenticates to another.

6.3.2 Authorization and Access Control

This product allows the protections supplied by eDirectory for access control to be fully realized for
those resources that are contained within eDirectory. Access to resources is protected based on user
identity (as stored within eDirectory). The VFS, Daemon, and X-Tier work together to compare
ACLs for a given file system path or object retrieved from eDirectory to the identity and session
scope established for the identity that owns a given connection.
The VFS acts as a proxy to the local file system (via redirection of its local mount point) to make
such decisions for network-based file system paths or objects.

6.3.3 Roles

This product does not define or manage roles. It simply makes use of roles that have already been
defined elsewhere and treats role access privileges in the same way as any user identity.
Because the product has a VFS module running in the kernel, it does not require root access for
users to create mount points (as do NCPFS and other similar open source offerings to date). The
product does not require use of SETUID for any of its operations.

6.3.4 Security Auditing

No security auditing is performed by this product.

6.4 New and Modified Files

The following sections describe the files that are added or modified during the installation of the
Novell Client for Linux.
• Section 6.4.1, "Configuration Files," on page 40
• Section 6.4.2, "PAM Login Files," on page 40
• Section 6.4.3, "User Profile Startup Files," on page 41
• Section 6.4.4, "KDE and GNOME Desktop Startup Files," on page 41
• Section 6.4.5, "Installation Files," on page 42
Security Considerations 39