Linux Auth Server Options

When you’re running a server for an app, you may need to consider authentication servers. An authentication server is designed to ensure information is delivered only to the intended party. Typically, authentication occurs by passing a credential from the device or user to the server. A valid credential should require both what someone has and what they know. You may recognize those as the key factors of two-factor authentication. A password counts as something you know, but when something you have is required as well, the thing you know can also be a PIN. For example, ATMs only ask for a PIN because you also need to provide the card before accessing your account. Linux has a few different packages for handling this sort of operation.

The most common authentication package on Linux is OpenLDAP. LDAP, the Lightweight Directory Access Protocol, lets you create a hierarchical database so you can group objects by type. The “Open” bit indicates that the implementation is open source. However, NIS, or Network Information System, is also available on Linux. In fact, the NIS-Utils package is installed by default on many Linux distributions. If you decide you want to use NIS, it may be worth using NIS+ because it has added security features. Lastly, there is also Kerberos, which uses symmetrical key encryption to protect access to data. Symmetrical key encryption means that the device and server both use the same key to encrypt information. The alternative is asymmetrical key encryption, which is slower because each device has its own key.
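To make the shared-key idea concrete, here is an added example (not from the original post, and not the Kerberos protocol itself) in which a device proves it holds the same key as the server without ever sending that key. It assumes HMAC-SHA256 in place of encryption, and the `AuthServer` class, `device-01` id and key are hypothetical, constructed values.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: one enrolled device and its shared secret key.
SHARED_KEYS = {"device-01": secrets.token_bytes(32)}


class AuthServer:
    """Holds the same key as each device and issues one-time challenges."""

    def __init__(self, keys):
        self._keys = dict(keys)
        self._pending = {}  # device id -> outstanding challenge

    def challenge(self, device_id):
        nonce = secrets.token_bytes(16)
        self._pending[device_id] = nonce
        return nonce

    def verify(self, device_id, response):
        # pop() makes each challenge single use, so a captured response
        # cannot be replayed later.
        nonce = self._pending.pop(device_id, None)
        key = self._keys.get(device_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, response)


def device_response(key, nonce):
    """Device side: prove knowledge of the shared key without sending it."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def demo():
    server = AuthServer(SHARED_KEYS)
    key = SHARED_KEYS["device-01"]
    nonce = server.challenge("device-01")
    good = device_response(key, nonce)
    ok = server.verify("device-01", good)
    replayed = server.verify("device-01", good)  # same response sent again
    nonce = server.challenge("device-01")
    wrong_key = server.verify("device-01", device_response(b"\x00" * 32, nonce))
    return ok, replayed, wrong_key


if __name__ == "__main__":
    print(demo())
```

Because both sides hold the same key, anyone who reads the server's key store can impersonate every device, which is why the key database of a shared-key system needs the strongest protection on the network.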

While it is not covered at this point of Linux+ prep, if you want to implement asymmetrical key encryption on Linux you can use the GnuPG package. The GnuPG package is a GNU-licensed implementation of the PGP, or Pretty Good Privacy, program. It works by creating both a public and a private key. The private key is created based on both the public key and some additional information. Whether one form of security is better than the other really depends on what you need in terms of performance and security. Some things to consider are the sensitivity of the data you’re transmitting and the level of performance you need network-wide. Compliance is far more important than any theoretical benefit that may be gained if the programs are not used properly to begin with.
