Using SESAME's GSS-API to add security to Unix applications

Abstract

SESAME is a security architecture that starts from the Kerberos protocol and adds to it public-key based authentication, role based access control, delegation of rights and an extensive auditing facility. SESAME provides the GSS-API for securing applications and the paper describes the authors' efforts in securing some of the most important Unix applications using SESAME: telnet, the BSD rtools and the remote procedure call. They have found the benefit of using SESAME is that the applications are secured in a uniform manner, additional security services are provided to the applications that are unavailable with other architectures, and the impact of SESAME on the application performance is not excessive.