The following definitions are provided to clarify terms used in this paper.
- Authentication
- A process by which a system may securely verify the
identity of a user. Authentication answers the following
questions: Who is the user? Is this user who he claims to be?
- Authorization
- A process by which a system may securely verify the appropriate
level of access for an authenticated user. This process answers
questions like: Is user "wombat" authorized to perform the
"ls" command in this directory?
- Compromise
- The unauthorized use, disclosure, modification, or
substitution of data or systems.
- DNS
- Domain Name Services or Server. The facility/service
provided to translate fully qualified domain names,
e.g. chinookfe.ucar.edu into Internet addresses,
e.g. 128.117.215.218.
- DSA
- Digital Signature Algorithm. A primary algorithm used
in many security-based applications and products; one
of the two possible key types that can be used with OpenSSH
to support version 2 of the "ssh" protocol, generated with
"ssh-keygen -t dsa".
- Encryption
- The mathematical transformation of plain text to cipher
text through a means that enables recovery of the plain
text data by authorized parties only. Encryption
enables data protection from compromise and ensures
integrity by making recovery by unauthorized parties
impossible or too costly to consider worthwhile.
- IP
- Internet Protocol. The layer 3 network rule set that works in
conjunction with TCP to send data in message units across
the network to remote systems. There are two common versions
of IP at present: IPv4 and IPv6.
- Key
- A set of data used in conjunction with an encryption algorithm
that determines a series of transformations from plain text to cipher
text, or from cipher text to plain text, or the generation or
confirmation of a digital signature derived from data. In the
case of PKE, keys are generated in pairs, one public, one private.
- MOTD
- Message Of The Day. The text banner displayed on a system when
a user first logs in. This usually displays system-specific
information such as operating environment version.
- NFS
- Network File System. A distributed file system where data is
held on a central server and served to end users so it appears
as if it is on the local system. This allows data
sharing across multiple platforms without copying. It is
the most common distributed file system in use on
Unix/Linux systems.
- PKE
- Public Key Encryption. An asymmetric encryption implementation
with two keys, one classified as public, the other as private.
The nature of the two keys is such that given the public
key, it is considered computationally too costly, if not infeasible,
to derive the private key.
- RSA
- Rivest, Shamir, Adleman: the principal inventors of
the first publicly known PKE approaches. A primary algorithm
that is also used in OpenSSH to support version 2 of the
"ssh" protocol, generated with "ssh-keygen -t rsa".
- TCP
- Transmission Control Protocol. A set of network rules used in
conjunction with the lower layer Internet Protocol to
send data in the form of message units across the network
to remote systems.
- xdm
- X display manager. A front-end utility present on many Unix/Linux
desktops that functions as a "login" window. "xdm" presents a prompt
for both usernames and passwords.