Abstract
In the client/server model, a server has no way to obtain information about the client before a connection is made, and current UNIX kernels cannot distinguish between users who arrive over the network. Every server program therefore has to implement client authentication itself, which makes the programs verbose. This paper proposes a mechanism that propagates user information across the network and uses that information to change the server's privileges to those of the client, and it proposes a method for implementing the mechanism at the kernel level. With this mechanism and method, server authentication and access control can be managed in a unified way, and server programs no longer need to run with privileged-user rights, which strengthens the security of the system.
Source
Science Mosaic (《科技广场》)
2006, Issue 4, pp. 86-88 (3 pages)
Keywords
Kernel
Client Certification
Access Control