Dennis Clarke wrote:
Still missing the aes256-cbc ciphers etc etc for various reasons.
Mostly government export controls, not technical.
Import controls but probably not relevant anymore (we ship all
the 256 bit ciphers in a download available to almost everyone)
Is it in the shipping pro
Not for SSH because the code changes to get it to do so weren't deemed
worthwhile.
For the vast majority of people AES with a 128 bit key is more than
enough, IMO using anything higher for most people is really just burning
CPU.
Auditing ?
Please explain. Do you mean the entries in wtmpx etc etc ?
No, BSM auditing. (Full audit trail of all actions performed
by user after logging in)
You mean its possible to login to a Solaris 10 server by some method and
completely slip under the radar of the audit processes ? Wow .. thats
just totally scary.
Not on a default Solaris 10 system it isn't. On a system where the
system admin is explicitly choosen to install software that doesn't
write audit records it is. The login application is fully trusted (it
has to be) and it is responsible for writing the audit records - it was
the one that did the authentication and session setup.
--
Darren J Moffat
_______________________________________________
opensolaris-discuss mailing list
[email protected]
