Security: Authentication

Security support and updates

• Get the latest security updates

• Does a specific CVE affect Red Hat?

• Ask a question about a security vulnerability

• Report a security vulnerability

• How we measure security vulnerabilities

• Security Response Team mission and standards of service

Authentication is the process of confirming that something is authentic and, in particular, that users are who they claim to be. Authentication, therefore, depends on an authoritative collection of user's identities, provided by identity management.

The most common means of verifying a user's identity is by a password, though other means may supplement or replace a password. Typically, users' identities are authenticated to let them do something, like log in to a system. Successful authentication grants the ability to do something (which is called authorization and is sometimes confused with authentication).

In a heterogeneous environment with different systems and applications, user authentication and authorization should grant consistent rights in all contexts. This is generally accomplished by using users' roles, defined by their identity information, to determine their rights. For example, users with the role of guest would have minimal rights to view or modify system information.

Learn more

• SSSD: Abstracted access to identity and authentication providers.

• PAM: Install and manage up-to-the-minute security updates.

• Red Hat® Directory Server: Centralized repository for your identity and user information.

• JBoss® Enterprise Business Rules Management System (BRMS): Business policy and rules development, access, and change management.