Penn Computing

Critical Host Compliance Information for UNIX Systems Administrators

General Information

Administration differences when using Kerberos

Instructions for bringing particular services into compliance

The following server software satisfies the requirements of the critical host policy.

First, these are a given for any of the software in the grid below:

Time sync software. Kerberos needs each server and client to agree on the time. Most modern systems come with time synchronization software that simply needs to be configured to use Penn's time servers, but open-source packages are also freely available.

The base Kerberos Distribution. Penn uses MIT Kerberos Version 5.

| Service | Software |
| --- | --- |
| telnet, ftp | Install using the instructions on Installing Kerberized Telnet and FTP. |
| https | A commonly-used solution is the Apache webserver (http://www.apache.org) and the accompanying mod_ssl module. Netscape Server with SSL is another option. Regardless of server, you must obtain and install a host certificate from a certificate authority such as Thawte. |
| imap, pop | Installing Kerberized POP and IMAP services with Kerberos. Without Kerberos, Installing POP and IMAP services with SSL. |
| SMTP | Install the Cyrus SASL library using our installation hints. Next, recompile sendmail to use SASL. See Installing Kerberized SMTP services. Other packages: qmail (www.qmail.org), perhaps with a modified checkpassword program such as radcheckpassword, which authenticates using RADIUS; or Postfix (www.postfix.org). Also, see http://www.sendmail.org/~ca/email/mel/SASL_ClientRef.html for a comparison grid for SMTP authentication. |

No other services are required by the Critical Host policy to use strong authentication; however, some commonly used UNIX services offer options to use strong authentication. For example:

| Service | Software |
| --- | --- |
| sshd | See the OpenSSH home page, http://www.openssh.org/. Ensure your copy is not one of the trojaned releases. |


Information Systems and Computing
University of Pennsylvania