6.1 Security Features

The following table contains a summary of the Novell® Client™ for Linux security features:

Table 6-1 Novell Client for Linux Security Features

Feature

Yes/No

Details

Users are authenticated

Yes

GUI and command line login utilities support authentication of NCP™ and LDAP connections via user authentication into eDirectory™. NCP protocol authentication is supported via RSA and LDAP authentication is supported via SSL and Simple Bind protocol.

Servers, devices, and/or services are authenticated

Yes

Connections to servers are authenticated via user-supplied credentials. No device authentication is supported directly by the Client.

Access to information is controlled

Yes

The product’s Virtual File System (VFS) component (located in Linux Kernel space) is the gatekeeper for enforcement of access controls to Novell file systems.

Roles are used to control access

No

No explicit use of roles is included in this product. eDirectory alias objects can be created, but this is not considered true role-based access and is not specifically supported or administered through this product.

Logging and/or security auditing is done

No

Security logging and auditing features are not supplied by nor supported by this product.

Data on the wire is encrypted by default

No

No wire encryption is supplied by this product.

Data stored is encrypted

No

This product does not provide long-term storage of data.

Passwords, keys, and any other authentication materials are stored encrypted

Yes

Passwords and other authentication materials in temporary storage are encrypted to prevent in-memory scanners.

Security is on by default

Yes

There are no configuration options to enable or disable with the exception of packet signing. Packet signing is enabled by default.

FIPS 140-2 compliant

No

This product currently uses the ATB (authentication toolbox) instead of Novell’s NICI product. Therefore, this product is not FIPS 140-2 compliant because ATB itself is not FIPS-compliant.