| The technology in telecom field is developed at a tremendous pace in the world today. More complicated environment and bigger size of the software means more requirements for the functions of the network management system. As an important part of the network management system, the security management is meeting a serious challenge.Firstly, this paper analyses and compares the popular authentication technology and some access models.Secondly, the basic rules and application methods of LDAP have been introduced. Based on them, the combination of LDAP and Role-Based Access Model has been tried.Furthermore, PAM(Pluggable Authentication Modules) and JAAS have been involved to provide a standard interface for the programming of authentication and authorization.Finally, with all the technology mentioned before, the security module of MetarOSS EOMS(Electronic Operation and Maintenance System) has been designed, and implemented.The security module can be divided into two parts. One is the authentication part, it uses the PAM architecture to make the part more extensible. Another is the authorization part, it uses the Role-based Access Model to be more adaptive for the enterprise control and can be very flexible and convenient.Another important thing is use of LDAP directory service, the way which the user and organization information be organized is very like the one used in the real world, so the operation of person management is not complicated any more. |
PDF Full Text Request