Click here for our home page Click here to find out about us Click here for products & services Click here for support Click here for news Click here for details of our partners Click here for our contact details
CyberSafe logo

Products • TrustBroker™

 

 

If you already have a Kerberos authentication and key management server (e.g. Microsoft Active Directory or TrustBroker Security Server) deployed in your network, and require a modular, stable, common, cross platform, and commercially supported Kerberos Client for your Servers, then this is the product you need. If you are looking for a Kerberos Client for your Workstations then you need the TrustBroker Secure Client for Workstations product.

 

 
Overview

 

  
Operating Systems

 

  

The TrustBroker™ Secure Client for Servers is a product that implements a Kerberos Client on a wide range of server operating systems. It supports a wide variety of credential cache formats and interfaces to give full interoperability and compatibility with CyberSafe TrustBroker™ and also Microsoft, UNIX operating system vendor, and Open Source Kerberos implementations.

 

The Secure Client product is designed to be both modular and easy to deploy in a multi-platform network environment. The Secure Client provides the base functionality required, implementing features such as credential cache management, user authentication and allowing for other add-on TrustBroker products to provide additional functionality. In some cases the add-on product can be installed and used standalone without the Secure Client being installed first. A summary of the Secure Client add-on products is provided below :

  • A GSS-API version 2 based Application Security Runtime Library.
  • A Single SignOn module to integrate operating system logon with the need to obtain initial user credentials.
  • A Public Key Option Pack, comprising Smart Card Logon and Virtual Smart Card support.
  • A Secure Connection Pack : telnet, rsh, rlogin, rcp (Windows and UNIX) + ftp (UNIX only).
  • The TrustBroker™ WebAccess product for secure authenticated access to Web enabled applications or Proxy servers.

Other Secure Client add-on's are being developed, so if you have a particular interest in functionality being available please let us know so that we can advise you on availability.

 

The following operating systems are supported by the Secure Client for Servers product.

  • Microsoft® Windows® 2000 & 2003 on x86 (32-bit)
  • SUN Solaris™ Versions 8, 9 & 10 on Sparc (32-bit & 64-bit)
  • SUN Solaris™ Version 10 on x86 (32-bit)
  • SUN Solaris™ Version 10 on x86_64 (AMD64) (32-bit & 64-bit)
  • Compaq Tru64™ Versions 4.0D, 5.0, 5.1, 5.1A & 5.1B (64-bit)
  • IBM AIX™ Versions 5.1, 5.2 & 5.3 on PowerPC (32-bit & 64-bit)
  • i5/OS v5r3 or later on IBM Series i (32-bit & 64-bit)
  • Hewlett Packard HP/UX™ Versions 11 & 11i v1 or v2 on PA-RISC (32-bit & 64-bit)
  • Hewlett Packard HP/UX™ Version 11i v2 on Itanium (IA-64) (32-bit & 64-bit)
  • Red Hat Linux Version 7.2 or later on x86 (32-bit)
  • Red Hat Enterprise Linux (RHEL) Version 3 on x86 (32-bit)
  • Red Hat Enterprise Linux (RHEL) Version 4 on x86_64 (AMD64 / EM64T) (32-bit & 64-bit)
  • Red Hat Enterprise Linux (RHEL) Version 4 on PowerPC (e.g. IBM iSeries / pSeries) (32-bit & 64-bit)
  • SuSE Linux Enterprise Server (SLES) Version 8 on x86 (32-bit)
  • SuSE Linux Enterprise Server (SLES) Version 9 on x86_64 (AMD64 / EM64T) (32-bit & 64-bit)
  • SuSE Linux Enterprise Server (SLES) Version 9 on PowerPC (e.g. IBM iSeries / pSeries) (32-bit & 64-bit)
 

 

 
Summary of Features & Benefits

 

The following list summarises the features and benefits of this Secure Client :

  • Implemented in a modular manner, allowing extensibility with other (optional) add-on products.
  • Uses native operating system packaging tools, for easy deployment.
  • Allows users to logon from any operating system supported with a single common identity so that they can access applications using the credentials obtained during the logon.
  • Based on the Kerberos standards for security interoperability with Microsoft Windows 2000, XP or 2003 Server based deployments.
  • Interoperable and compatible with Open Source implementations of the Kerberos protocol.
  • Can be used for Secure Single Sign-On or Secure Reduced Sign-On.
  • User authentication during operating system logon using XDM (UNIX), Network Provider (Windows) or GINA (Windows NT). Also, a UNIX PAM module will be available soon ...
  • Two-factor user authentication using RSA SecurID®, VASCO Data Security Digipass™ or Secure Computing SafeWord™. Other authentication technologies (e.g. biometrics, more token cards) are planned to be supported later in 2004.
  • Supports a Smart Card based logon to the operating system, and then allows the Kerberos credentials issued to be used for secure access to Kerberos enabled applications. This capability requires the Public Key Option Pack.
  • Supports access to Public Key certificates and keys using the Virtual Smart Card without the need for any additional hardware.
  • Credential Cache Management via task bar (Windows) or command line tools (UNIX).
  • Supports DES and 3DES encryption, and also SHA-1, MD5 and CRC checksum algorithms. Also, RC4-HMAC and AES will be available in the next release of this product, expected in March/April 2004.
  • Uses the same (standard) password change protocol supported by Microsoft Active Directory and TrustBroker Security Server.

 

 
 

 

Copyright © 2002-2006 CyberSafe Limited. All rights reserved • Trademarks & Legal InformationPrivacy PolicyReport Email Spam