David Markey wrote:
Thanks Bob,
As far as i can see from the internal sun script each users smart card
ID's are queryable anonymously via LDAP(This is how the username is
mapped to the smartcard ID in AMGH). Are there security risks attached
to smart card ID's being queryable via anonymous LDAP?
Any publicly accessible data poses some degree of security risk, it's a
question of how much exposure you're willing to tolerate.
From an SRSS point of view, with 4.1 the smartcard id itself doesn't
pose a security risk if the default RHA feature is not disabled - a user
must authenticate to Solaris in order to access a session.
Within Sun, we allow anonymous queries of smartcard IDs and usernames.
-Bob
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
