实现多因素身份验证的系统应该对不同的因素使用不同的底层安全机制。
The systems implementing multifactor authentication should make sure that they use different underlying security mechanisms for different factors.
这会带来几个问题:如果恶意用户攻破了底层安全机制本身,那么会怎么样?
This brings up a few questions: What if a malicious user hacks the underlying security mechanism itself?
Kerberos是通过GSS - API使用的最流行的底层安全机制。
Kerberos is the most popular underlying security mechanism available with GSS-API.
这种技术组合可以降低使用相同底层安全机制实现多因素身份验证解决方案的风险。
This combination helps reduce the risks associated with systems exercising multifactor authentication solutions using the same underlying security mechanism.
通过使用GSS - API,系统可以对多因素身份验证的不同因素使用不同的底层安全机制。
With GSS-API, these systems can be designed to make use of different underlying security mechanisms for different factors of the multifactor authentication.
大多数实现多因素身份验证和多层身份验证的解决方案使用相同的底层网络安全机制。
Most of the solutions exercising multifactor as well as multi-layer authentication make use of the same underlying network security mechanism.
GSSAPI缺少一个获取凭证的登录接口;它仅在底层的安全机制中查询调用主体的凭证。
GSSAPI lacks a login interface for acquiring credentials; it merely queries the underlying security mechanism for credentials for the calling principal.
GSSAPI提供了一个标准的通用接口,通过该接口安全应用程序可以使用多种底层的安全机制。
GSSAPI offers a standard generic interface through which a secure application can use multiple underlying security mechanisms.
尽管多因素身份验证和多层身份验证是有优势的,但是大多数解决方案使用相同的底层网络安全机制实现它们。
Despite its advantages, most of the solutions exercising multifactor as well as multi-layer authentication make use of the same underlying network security mechanisms.
注意,标志(token)是隐性二进制数据,只有底层安全性机制才需要能够解释它们。
Note that the tokens are opaque binary data, and only the underlying security mechanism needs to be able to interpret them.
安全交换机所在的内部网存在的一个显著问题就是网络链路协议不可控,使得任何遵守标准协议的网络访问在底层机制上都是合法的。
A notable problem is raised that the data link can not be controlled; therefore any access following the standard Ethernet data link layer protocol is recognized as legal.
安全交换机所在的内部网存在的一个显著问题就是网络链路协议不可控,使得任何遵守标准协议的网络访问在底层机制上都是合法的。
A notable problem is raised that the data link can not be controlled; therefore any access following the standard Ethernet data link layer protocol is recognized as legal.
应用推荐