Sales Tel: +63 945 7983492  |  Email Us    
SMDC Residences

Air Residences

Features and Amenities

Reflective Pool
Function Terrace
Seating Alcoves

Air Residences

Green 2 Residences

Features and Amenities:

Wifi ready study area
Swimming Pool
Gym and Function Room

Green 2 Residences

Bloom Residences

Features and Amenities:

Recreational Area
2 Lap Pools
Ground Floor Commercial Areas

Bloom Residences

Leaf Residences

Features and Amenities:

3 Swimming Pools
Gym and Fitness Center
Outdoor Basketball Court

Leaf Residences

Contact Us

Contact us today for a no obligation quotation:


+63 945 7983492
+63 908 8820391

Copyright © 2018 SMDC :: SM Residences, All Rights Reserved.


































































000-886 dumps with Real exam Questions and Practice Test - smresidences.com.ph

Great Place to download 100% free 000-886 braindumps, real exam questions and practice test with VCE exam simulator to ensure your 100% success in the 000-886 - smresidences.com.ph

Pass4sure 000-886 dumps | Killexams.com 000-886 real questions | http://smresidences.com.ph/

000-886 IBM Tivoli Monitoring v5.1.1 to v5.1.2 Implementation

Study Guide Prepared by Killexams.com IBM Dumps Experts

Exam Questions Updated On :



Killexams.com 000-886 Dumps and Real Questions

100% Real Questions - Exam Pass Guarantee with High Marks - Just Memorize the Answers



000-886 exam Dumps Source : IBM Tivoli Monitoring v5.1.1 to v5.1.2 Implementation

Test Code : 000-886
Test Name : IBM Tivoli Monitoring v5.1.1 to v5.1.2 Implementation
Vendor Name : IBM
: 152 Real Questions

That was incredible! I got actual test questions contemporary 000-886 examination.
I have recently passed the 000-886 exam with this bundle. This is a great solution if you need a quick yet reliable preparation for 000-886 exam. This is a professional level, so expect that you still need to spend time playing with - practical experience is key. Yet, as far and exam simulations go, killexams.com is the winner. Their exam simulator really simulates the exam, including the specific question types. It does make things easier, and in my case, I believe it contributed to me getting a 100% score! I could not believe my eyes! I knew I did well, but this was a surprise!!


in which can i am getting assist to put together and clear 000-886 examination?
I would potentially propose it to my partners and accomplices. I got 360 of imprints. I used to be enchanted with the results I got with the help study guide 000-886 exam course material. I normally thought true and intensive studies were the reaction to all or any exams, till I took the assistance of killexams.com brain dump to pass my exam 000-886. Extremely fulfill.


what's easiest way to skip 000-886 exam?
I effectively comprehended the troublesome subject matters like Delivery Competence and Content Expertise effects from killexams. I successfully marks 90% marks. All credit to killexams.com. I became looking for a reference guide which helped me in making plans for the 000-886 exam. My occupied calendar just approved me to more time of hours with the aid of one manner or any other. By booking and procuring the killexams.com Questions/Answers and exam simulaotr, I were given it at my entryway project interior one week and started planning.


Observed maximum 000-886 Questions in Latest dumps that I prepared.
This 000-886 dump is terrific and is in reality certainly well worth the cash. I am now not loopy about shopping stuff like that, but since the exam is so high priced and traumatic, I decided itd be smarter to get a protection internet, which means this package. This killexams.com sell off is surely right, the questions are legitimate and the solutions are accurate, which i havedouble checked with some friends (every so often exam dumps provide you with wrong answers, however now notthis one). All in all, I handed my exam simply the way I hoped for, and now I advise killexams.com to everyone.


definitely examine these current dumps and success is yours.
In recent times i bought your certification package deal and studied it very well. Closing week I handed the 000-886 and received my certification. killexams.com exam simulator modified into a first rate device to put together the exam. That more my confidence and i resultseasily passed the certification exam! Quite encouraged!!!


Is there 000-886 exam new sayllabus?
The killexams.com dump is straightforward to apprehend and sufficient to put together for the 000-886 exam. No different test dump I used in conjunction with the Dumps. My heartfelt thanks to you for creating such an enormously effective, simple material for the hard exam. I never thought I may want to pass this exam easily without any tries. You people made it take place. I spoke back 76 questions maximum correctly within the real exam. thank you for offering me an revolutionary product.


I want real exam questions modern 000-886 examination.
i am now not an aficionado of on line killexams.com, in light of the fact that theyre regularly posted via flighty people who misdirect I into studying stuff I neednt trouble with and missing things that I certainly need to realize. notkillexams.com . This company offers completely massive killexams.com that assist me conquer 000-886 exam preparation. this is the way by means of which I passed this exam from the second try and scored 87% marks. thanks


these 000-886 questions and answers provide proper expertise of subjects.
My view of the 000-886 test price guide was negative as I always wanted to have the preparation by a test method in a class room and for that I joined two different classes but those all seemed a fake thing for me and I quit them immediately. Then I did the search and ultimately changed my thinking about the 000-886 test samples and I started with the same from killexams. It really gave me the good scores in the exam and I am happy to have that.


Feeling difficulty in passing 000-886 exam? bank is here.
Im confident to endorse killexams.com 000-886 questions answers and exam simulator to all and sundry who prepares to take their 000-886 exam. This is the maximum up to date coaching facts for the 000-886 to be had online as it actually covers whole 000-886 exam, This one is in truth appropriate, which im able to vouch for as I passed this 000-886 exam closing week. Questions are updated and accurate, so I didnt have any problem within the path of the exam and were given right marks and that i especially recommend killexams.com


simply those 000-886 ultra-modern dumps and take a look at manual is needed to pass the take a look at.
Positioned out this particular supply after a long time. Absolutely everyone here is cooperative and able. Crew provided me very goodmaterial for 000-886 training.


IBM IBM Tivoli Monitoring v5.1.1

IBM offers Tivoli Monitoring for Amazon cloud deployments | killexams.com Real Questions and Pass4sure dumps

How collaboration apps foster digital transformation

IBM presents hosted Tivoli monitoring for the midmarket | killexams.com Real Questions and Pass4sure dumps

IBM is providing a hosted version of its Tivoli monitoring application for companies that would fairly pay a subscription payment than license the product for on-premise use, IBM turned into set to announce Tuesday.

The service, called Tivoli reside Monitoring services, lets agencies retain tabs on between 25 and 500 IT components, reminiscent of servers, operating programs, digital machines and applications. it is centered above all at midsized agencies, in addition to departments within higher corporations.

corporations deserve to be warned if a vital utility is set to crash or slows down, and services like this goal to achieve that through sending an alert to IT workforce when server reminiscence gets low, as an instance, or the response time for a web web page drops below a certain stage.

The IBM service is available in two types. One uses software brokers to video display operating methods, digital machines and applications corresponding to databases or packaged application similar to Microsoft alternate. That service expenses US$58 monthly for each and every useful resource monitored, IBM referred to.

The different is an agentless carrier, priced at $forty four per resource per month, for monitoring hardware contraptions, operating systems, internet websites and SNMP signals.

both capabilities carry a one-time setup payment of $6,500 per client. IBM is also providing an not obligatory reporting service, for a month-to-month charge of $15 per useful resource, which offers ancient information for tasks corresponding to troubleshooting and predicting skill needs.

“It’s all about providing business-grade monitoring capabilities to consumers without them having to installation hardware or configure utility,” referred to Dennis Quan, director of construction for autonomic computing with IBM’s application group. “they could sign up for Tivoli are living Monitoring features and all of the monitoring smarts reside up in the IBM cloud.”

IBM started offering the carrier within the U.S. closing month, in accordance with an organization blog submit, although it didn’t announce it unless Tuesday. The carrier is additionally being offered in different markets, starting with Canada, the U.k., Australia, New Zealand, Hong Kong, Singapore, South Africa and the Nordic international locations.

It’s the newest circulate by IBM to are trying to increase earnings of its utility in the course of the cloud. IBM offers a few products on Amazon internet features, and last week it made Tivoli Monitoring purchasable on Amazon’s Elastic Compute Cloud to music circumstances of its utility working on that provider.

IBM officials have admitted that their Tivoli express items for the midmarket “haven’t executed in addition to they could have,” and the on-demand model provides IBM with a further approach to reach smaller organizations, RedMonk analyst Michael Coté wrote in a blog put up about the new provider.

“The problem for Tivoli (and IBM in established) is always relocating down-market and knowing how to get their fingers deep sufficient in that pie,” he wrote. He counseled IBM for being open about its pricing.

a couple of smaller corporations already present hosted monitoring capabilities, such as Accelops, InteQ and ManageEngine, which is a part of Zoho. larger vendors, together with Microsoft and BMC application, are also establishing capabilities or have them already, Coté stated.

The IBM products in the back of the capabilities are Tivoli Monitoring 6.2.1, Tivoli Monitoring for Microsoft applications 6.2, and Tivoli Composite utility supervisor for purposes 6.2.


Monitoring tools Profile: IBM Tivoli Monitoring | killexams.com Real Questions and Pass4sure dumps

always at or near the excellent of the massive leagues in server management and monitoring, IBM Tivoli Monitoring represents an ongoing effort to harness enterprise-degree monitoring right into a unified framework (Tivoli administration Framework). Tivoli Monitoring 5.1 combines the capacity of two old items: IBM Tivoli allotted Monitoring and IBM Tivoli web element supervisor. It continues to increase the benefits of using a web-based (IP) method, corresponding to featuring a single aspect of entry in the course of the Tivoli Monitoring fitness console, and it enhances IBM's push into proactive monitoring and repair potential.

When it comes to server administration and monitoring, IBM Tivoli Monitoring at all times is available in at or close the excellent of the large leagues. The product suite is big Blue's ongoing effort to harness business-degree monitoring right into a unified framework.

Tivoli Monitoring is really a line of items within a huge suite of administration application that IBM sells under the Tivoli manufacturer. despite the fact the Tivoli Monitoring items can operate independently of the higher suite, they're intended to work with and complement those products. the important thing product in the Tivoli Monitoring line is Tivoli Monitoring, which gives the simple software. inside that, several items are targeted at specific areas of monitoring. as an instance,

Tivoli items, A Sampling

Product supposed Use Tivoli Monitoring for functions SAP and Siebel functions Tivoli Monitoring for Databases IBM DB2, Microsoft SQL Server, Oracle, Sybase, and IBM Informix database servers Tivoli Monitoring for enterprise Integration IBM WebSphere MQ environments Tivoli Monitoring for Messaging and Collaboration IBM/Lotus Domino and Microsoft change servers Tivoli Monitoring for net Infrastructure net servers and utility servers Tivoli Monitoring for Microsoft .internetMicrosoft middleware add-ons similar to BizTalk and Commerce servers

there's additionally Tivoli Monitoring for network performance, which is a a little bit distinct animal and is geared toward monitoring and optimizing community and information superhighway transaction efficiency.

crucial to keep in mind is that Tivoli NetView, a product no longer in the Tivoli Monitoring line, provides in-depth community monitoring, and several of the Tivoli Monitoring items require Tivoli Framework. conclusion-to-conclusion, the Tivoli line-up is enormous adequate to require a satisfactory amount of time be set apart to determine which items apply to a particular condition, and an IBM consultant or earnings representative is a legit supply for support guidance the path.

part of the task in becoming Tivoli products to an organization have to even be according to the requirements of the utility architecture. This consists of: Tivoli area administration servers operating simple Tivoli Monitoring utility and potentially other Tivoli management classes (e.g., Tivoli records Warehouse and Tivoli company techniques manager); Tivoli gateway/node software that aggregates and routes monitoring traffic as well as operates the heartbeat feature (a scheduled poll of a must have aid repute); and Tivoli endpoints, which can be customarily the physical gadgets (servers and operating programs) being monitored. despite the fact Tivoli provides excellent tools for the distribution and deployment of the application, cautious selection of software placement and configuration is crucial.

Tivoli Monitoring is essentially a Java-based mostly software (and for that reason requires the Java runtime ambiance). It runs on a wide selection of working equipment structures that help Java.

The covered web fitness Console provides administrative entry to Tivoli Monitoring. It highlights the strengths of a web-based method, in particular single log-on from any place in the world and a standardized graphical user interface (via a web browser). in the higher Tivoli context, Tivoli Monitoring can also be administered via the Tivoli enterprise Console and the Tivoli company techniques supervisor.

considered one of Tivoli Monitoring's most distinguishing facets is IBM's ongoing quest to head past simple monitoring to provide automatic (or, in IBM parlance, "autonomic") evaluation and fix. The heart of the method is resource modeling, which has two elements, a dynamic model and a reference model.

The dynamic model is almost an outline of a aid object (e.g., a messaging server). the usage of the commonplace counsel mannequin (CIM) or Microsoft's variant WIM, it is an aggregation of actual homes (comparable to reminiscence capability and CPU utilization) that can also be monitored on a given equipment. Most monitoring occurs through fundamental network administration Protocol (SNMP) or home windows management Instrumentation (WMI) capabilities.

once a resource object is identified and described, a reference model may also be created that specifies the rules of operation for that object. This contains operational logging, expected ranges of performance, baseline metrics, and signatures of numerous difficulty cases. The reference mannequin makes it possible for Tivoli to research rather complex operational problems and take action — both by using sending alerts or making an attempt automatic intervention. a set of resource fashions can be assembled right into a profile, which gives a perspective on these substances. varied profiles can also be developed to look on the system operations from distinct angles.

Taking the reference mannequin further, IBM makes use of Proactive analysis add-ons (PAC) to establish issue signatures, often a mix of particular person monitoring alarms. It offers the potential to deal with time and frequency linked issues, as an example a cache usage rate that fluctuates between overload and regular all over a specific time duration. by combining performance logs with time-honored capacities and anticipated metrics, Tivoli Monitoring will also be knowledgeable (in a sense, programmed) to distinguish between a one-time useful resource issue and a persistent bottleneck.

Tivoli Monitoring products ship with a couple of commonplace aid fashions. The Tivoli Monitoring resource model Builder (previously Tivoli Monitoring Workbench), as an example, provides the ability to edit and create customized aid fashions.

With its subtle capabilities, Tivoli Monitoring is likely to be premier (and liked) the place enormous variety of components ought to be monitored and the place IT capabilities to configure, replace, and refine the analytical and response elements is current. Tivoli Monitoring in reality calls for considerable resources be expended to organize, plan, put into effect, and maintain the monitoring gadget.

establishing a monitoring equipment that with ease crosses working techniques, LANs, WANs, and IP domains for doubtlessly lots of instruments and purposes is not any imply feat. IBM is amongst simplest a handful of carriers (including HP, BMC, and computer acquaintances) that has the wherewithal and business reach to drag it off. then again, it has taken IBM years to bring the Tivoli products nearer to an built-in structure. due to the internet and IP, a level of consolidation and unification has been possible that wasn't earlier than, and Tivoli administration 5.1 is a very good indication of the path server equipment monitoring is taking.

consumer support for Tivoli is purchasable through mobilephone, and on-website, as well as via training, consumer agencies, on-line boards, IBM's expertise base, newsletters, developer domain, and email.

Server Monitoring tools MatrixTivoli Monitoring

Full Product nameIBM Tivoli monitoringedition5.1.2 supplier IBM Description Suite of items protecting a wide array of monitoring targets (apps, databases, internet, community, and business integration) whose power is in its potential to correlate and analyze monitoring results to discover, and in some situations appropriate, complications. systems AIX, HP-UX, Linux, OS/four hundred, Solaris, windows NT four.0, home windows 2000, and windows Server 2003 Pricing Core Tivoli Monitoring Product: $seven hundred per CPU, plus Tivoli Monitoring product for certain targetsOther Tivoli products (also bought on a per-processor license basis):Tivoli Monitoring for applications, $1,315Tivoli Monitoring for Databases, $1,050Tivoli Monitoring for Messaging and Collaboration, $500Tivoli Monitoring for company Integration, $1,260Tivoli Monitoring for internet Infrastructure, $1,315Tivoli Monitoring for client equipment, $50Tivoli Monitoring for network performance, $6,200Tivoli Monitoring for Microsoft .web, $1,000  

Tivoli Monitoring

Product 2

actual-Time monitoringphysical statusTemperature     Chassis Integrity     vigour give     Fan speed     Server functionalitySNMP trackingYes   difficult Disk utilizationYes      - data Open/proprietor sure/yes      - File Existence monitor yes     - File size display screen (e.g. Log info) sure   memory usageYes   CPU usageYes   Cache usageYes   strategies (count) yes   services monitoringDNS sure   HTTP/HTTPS sure/sure   FTP sure   Telnet yes   NNTP yes   SMTP, POP3, or IMAP sure/yes/sure   custom Port trackingYes   Server kinds Supported cyber webYes   Database sure (MS SQL Server, IBM DB2, Oracle, Sybase, and Informix)   File and community IBM Tivoli NetView   Communications yes (MS change and Lotus Domino)   different Microsoft .web   community monitoringnetwork Throughput     existing Logons     Failover/Cluster Monitoring     other network Monitoring features     web web site monitoringHit expense     page content material Verification     Database Connection Verification sure   Cache fee(s) sure   safetyIntrusion trackingpurchasable in different IBM Tivoli products   Login Error monitoringavailable in different IBM Tivoli products   other security Monitoring aspects available in other IBM Tivoli products   administrationDashboard (or different Overview screen)   sure   faraway or cyber web Monitoring   sure/sure   display screen viewsdomain yes   Workgroup sure   user-described neighborhood sure   Alert Modes e-mail yes   telephone (Land Line or mobile phone) yes/No   Pager sure   network Alert yes   SMS sure   Escalating Alert tiers assist   yes   Alert assorted americans   yes   Designate by way of classification of Alert   yes   Polling/Monitoring Interval   yes   consumer Configurable Monitoring Intervals   sure (per gadget)   Corrective action helpMachine Shutdown or Reboot yes/yes   service Shutdown or Restart yes/sure   process Shutdown or Restart yes/yes   Run Script, EXE, and jobYes/yes/sure   checking out Suite — automated testing aid       ancient trackingLogs   yes   information   yes   Reporting online sure   Print yes   Charts or Graphs sure/yes   evaluation   yes     other         different         other         different        

While it is hard errand to pick solid certification questions/answers assets regarding review, reputation and validity since individuals get sham because of picking incorrectly benefit. Killexams.com ensure to serve its customers best to its assets as for exam dumps update and validity. The greater part of other's sham report objection customers come to us for the brain dumps and pass their exams cheerfully and effortlessly. They never bargain on their review, reputation and quality because killexams review, killexams reputation and killexams customer certainty is imperative to us. Extraordinarily they deal with killexams.com review, killexams.com reputation, killexams.com sham report grievance, killexams.com trust, killexams.com validity, killexams.com report and killexams.com scam. On the off chance that you see any false report posted by their rivals with the name killexams sham report grievance web, killexams.com sham report, killexams.com scam, killexams.com protestation or something like this, simply remember there are constantly terrible individuals harming reputation of good administrations because of their advantages. There are a great many fulfilled clients that pass their exams utilizing killexams.com brain dumps, killexams PDF questions, killexams questions, killexams exam simulator. Visit Killexams.com, their example questions and test brain dumps, their exam simulator and you will realize that killexams.com is the best brain dumps site.

Back to Braindumps Menu


000-543 practice test | C9050-548 real questions | 920-136 pdf download | MOS-O2K Practice test | 1Z0-878 practice exam | 642-145 test prep | C2050-219 examcollection | IBQH001 practice questions | CAT-220 free pdf | VCS-254 braindumps | HP0-M57 dumps questions | 000-SS2 questions answers | EE0-513 real questions | P2080-088 real questions | PW0-250 dump | 000-427 exam prep | E20-665 dumps | 132-S-916-2 free pdf | 000-807 test prep | LOT-442 brain dumps |


Dont Miss these IBM 000-886 Dumps
Just go through their Questions bank and feel confident about the 000-886 test. You will pass your exam at high marks or your money back. Everything you need to pass the 000-886 exam is provided here. They have aggregated a database of 000-886 Dumps taken from real exams so as to give you a chance to get ready and pass 000-886 exam on the very first attempt. Simply set up their Exam Simulator and get ready. You will pass the exam.

We have Tested and Approved 000-886 Exams. killexams.com provides the most accurate and latest IT exam materials which almost contain all knowledge points. With the aid of their 000-886 study materials, you dont need to waste your time on reading bulk of reference books and just need to spend 10-20 hours to master their 000-886 real questions and answers. And they provide you with PDF Version & Software Version exam questions and answers. For Software Version materials, Its offered to give the candidates simulate the IBM 000-886 exam in a real environment. killexams.com Huge Discount Coupons and Promo Codes are as under;
WC2017 : 60% Discount Coupon for all exams on website
PROF17 : 10% Discount Coupon for Orders greater than $69
DEAL17 : 15% Discount Coupon for Orders greater than $99
DECSPECIAL : 10% Special Discount Coupon for All Orders
Click http://killexams.com/pass4sure/exam-detail/000-886

killexams.com helps millions of candidates pass the exams and get their certifications. They have thousands of successful reviews. Their dumps are reliable, affordable, updated and of really best quality to overcome the difficulties of any IT certifications. killexams.com exam dumps are latest updated in highly outclass manner on regular basis and material is released periodically. Latest killexams.com dumps are available in testing centers with whom they are maintaining their relationship to get latest material.

The killexams.com exam questions for 000-886 IBM Tivoli Monitoring v5.1.1 to v5.1.2 Implementation exam is mainly based on two accessible formats, PDF and Practice questions. PDF file carries all the exam questions, answers which makes your preparation easier. While the Practice questions are the complimentary feature in the exam product. Which helps to self-assess your progress. The evaluation tool also questions your weak areas, where you need to put more efforts so that you can improve all your concerns.

killexams.com recommend you to must try its free demo, you will notice the intuitive UI and also you will find it very easy to customize the preparation mode. But make sure that, the real 000-886 product has more features than the trial version. If, you are contented with its demo then you can purchase the actual 000-886 exam product. Avail 3 months Free updates upon purchase of 000-886 IBM Tivoli Monitoring v5.1.1 to v5.1.2 Implementation Exam questions. killexams.com offers you three months free update upon acquisition of 000-886 IBM Tivoli Monitoring v5.1.1 to v5.1.2 Implementation exam questions. Their expert team is always available at back end who updates the content as and when required.

killexams.com Huge Discount Coupons and Promo Codes are as under;
WC2017 : 60% Discount Coupon for all exams on website
PROF17 : 10% Discount Coupon for Orders greater than $69
DEAL17 : 15% Discount Coupon for Orders greater than $99
DECSPECIAL : 10% Special Discount Coupon for All Orders


000-886 | 000-886 | 000-886 | 000-886 | 000-886 | 000-886


Killexams 3M0-700 real questions | Killexams 000-421 dumps questions | Killexams VCS-252 braindumps | Killexams 000-595 Practice test | Killexams JN0-411 VCE | Killexams C2020-011 study guide | Killexams 9L0-827 examcollection | Killexams C9020-560 test prep | Killexams 000-M194 real questions | Killexams 000-195 study guide | Killexams FN0-100 Practice Test | Killexams 050-864 cram | Killexams 9A0-094 test prep | Killexams 000-070 practice questions | Killexams HP0-S14 braindumps | Killexams 000-G01 study guide | Killexams HPE2-Z39 free pdf | Killexams 500-551 dump | Killexams 000-175 brain dumps | Killexams MB5-626 exam questions |


killexams.com huge List of Exam Braindumps

View Complete list of Killexams.com Brain dumps


Killexams A2040-410 free pdf download | Killexams VMCE_V8 test prep | Killexams 000-089 Practice Test | Killexams 000-N37 practice test | Killexams 312-50v7 study guide | Killexams 190-753 braindumps | Killexams HP0-728 dumps questions | Killexams 1Z0-546 real questions | Killexams 1Z0-132 test prep | Killexams 000-278 free pdf | Killexams EX0-111 cheat sheets | Killexams 000-223 exam prep | Killexams HP2-K08 braindumps | Killexams 6401-1 free pdf | Killexams P2060-001 braindumps | Killexams BH0-013 examcollection | Killexams 300-160 practice questions | Killexams HP2-T19 free pdf | Killexams PK0-004 study guide | Killexams 70-462 sample test |


IBM Tivoli Monitoring v5.1.1 to v5.1.2 Implementation

Pass 4 sure 000-886 dumps | Killexams.com 000-886 real questions | http://smresidences.com.ph/

IBM to Support BPEL-Based Web Services on iSeries in Q3 | killexams.com real questions and Pass4sure dumps

Last week, IBM shuffled its WebSphere deck and issued new releases of its core Web services development and delivery platform. The newly named product, WebSphere Business Integration Server Foundation (WBISF) version 5.1, allows companies to implement and deliver “services-oriented” applications assembled in Business Process Execution Language (BPEL) using WebSphere Studio Application Developer (AD) Integration Edition V5.1, which was also announced and shipped last week. IBM issued a statement of direction to support WBISF on OS/400 this summer.

Before they get into the details, let’s get the WebSphere names straight. IBM has done a little spring cleaning with its WebSphere product line, which they can only assume was to streamline the brand and make it easier to understand. To wit, WBISF V5.1 is the follow-on product to WebSphere Application Server Enterprise V5.0. Also announced last week was WBISF for Developers V5.1, which is identical to WBISF 5.1 except it’s designed specifically for the testing environment. WBISF for Developers V5.1 is the follow-on product to WebSphere Application Server Enterprise for Developers V5.0. Guild Companies is not aware of any name changes effecting WebSphere Studio AD Integration Edition V5.1.

WBISF provides a superset of IBM software tools for the purpose of developing and deploying Web services. As such, WBISF includes all of the features available in WebSphere Application Server Network Deployment V5.1, including J2EE 1.3 support, Web Services Gateway, IBM Tivoli Performance Viewer, clustering, and workload management support. Additionally, WBISF provides a runtime environment for BPEL for Web Services business processes, business rules, application adapters, and other programming model extensions, built with WebSphere Studio Application Developer AD Integration Edition V5.1; the two products go hand in hand.

With the version 5.1 release, the combination of WBISF and WebSphere Studio AD Integration Edition provides the user with handy new programming capability, including: BPEL version 1.1 support; “human workflow” support (when machine-to-machine BPEL connections just aren’t enough); support for “business rule” beans (for customizing business processes with Java and BPEL); and J2EE programming model extensions, which add things like extended messaging, dynamic querying, and internationalization to WBISF applications.

WebSphere Studio AD Integration Edition 5.1 also includes some other new capabilities, including enhancements to the BPEL debugger, new visual condition builder to direct the execution of BPEL processes, and automated migration of process flows created with WebSphere Studio AD Integration Edition V5.0 to BPEL. In addition, both WebSphere Studio AD Integration Edition 5.1 and WBISF 5.1 both provide full support for all the new features introduced in WebSphere Studio AD V5.1.1, which includes support for Workbench V2.1.2, support for building Web Services Interoperability compliant Web services, and support for Java development kit 1.4.1.

IBM’s Software Group is also bringing Web services and BPEL execution to its iSeries and zSeries servers. In a statement of direction, IBM committed to deploying WBISF 5.1 on z/OS during the second quarter of the year, and on OS/400 during the third quarter. The product is already supported on Linux running on those two server platforms.

IBM also stated that it intends to support two add-on modules to WBISF 5.1 and its development side-kick (WebSphere Studio AD Integration Edition 5.1) during the second half of the year. These add-on modules are WebSphere Business Integration Modeler, which will be used to model, analyze, and report on business processes occurring on WBISF, and WebSphere Business Integration Monitor, which features visual dashboards and provides a real-time view into business process flow.

WBISF 5.1 is now available for Windows, Unix, and Linux operating systems. WebSphere Studio AD Integration Edition V5.1, which runs on Windows and Linux workstations, is also now available.


Technology Innovator Awards: All The Nominees | killexams.com real questions and Pass4sure dumps

Application Infrastructure

ACT ACT! 2005 and ACT! 2005 Premium for WorkgroupsAltiris Altiris ProtectAmerican Presence PresenceBEA BEA WebLogic Server Process EditionBladeLogic BladeLogic Operations Manager 2005BMC Software SLM Express (version 1.4)BMC Batch Impact ManagerCitrix Citrix MetaFrame Access SuiteComputer Associates Unicenter SQL-StationCompuware Compuware Application Reliability Solution 4.1Datawatch Monarch Data Pump V7EDU Business Solutions Print Shop Pro WebdeskElitegroup Computer System, USA EZ-Buddie2Hewlett-Packard HP OpenView Operations for WindowsiAnywhere solutions Answers AnywhereIBM WebSphere Business Integration Server ExpressDB2 UDB V8.2WebSphere Business Integration Modeler Version 5DB2 Content Manager Express Edition V8.2IBM WebSphere Business Integration Server FoundationWebSphere Studio Site Developer V 5.1.2 and WebSphere Studio Application Developer V 5.1.2WebSphere Studio2 Site Developer V 5.1.DB2 Information Integrator Masala VersionIBM Tivoli Monitoring for Transaction Performance v5.3IBM Tivoli DB2 Content Manager Express Edition V8.2IBM Tivoli Provisioning Manager 2.1JBoss JBoss 4.0LANDesk LANDesk Management Suite 8, Version 8.1Macromedia Macromedia Flash MX Professional 2004Magic Software iBOLT Integration SuiteNarus Narus IP PlatformNetIQ NetIQ's AppManager SuiteNovell Novell exteNd 5.2OKI Data OKI Managed ServicesOpenLink Software Virtuoso 3.5Oracle Oracle Grid ControlPicciano and Scahill LawOffice ProPopkin Software System ArchitectProgress Progress OpenEdge Release 10Redline Networks E|X 3670 enterprise application processor (or application front end)SnapXT SnapXTSoftricity SoftGrid Enterprise EditionSonic Software Sonic ESB 5.5Unicru Unicru Casual Dining SolutionUnicru Independent Grocers SolutionUnicru Total Workforce Acquisition solutionUnicru Total Workforce Acquisition for TruckingVenali Venali Internet Fax Web ServicesVeriSign VeriSign Anti-Phishing SolutionVmware VMware VirtualCenterVMware GSX Server 3VMware Workstation 4.5Wyse Technology Wyse Rapport V4.4

Client Devices

Ace Computers Vision DesktopAMD Mobile AMD Athlon 64 processor 3400+Elitegroup Computer Systems G900Eurocom Corporation EUROCOM PhantomFujitsu Computer Systems LifeBook P7000 NotebookHewlett-Packard HP Compaq Rugged Tablet PC tr3000HP Rugged Notebook nr3600HP Compaq Business Notebook nx9500HP Compaq Business Notebook nc6000HP iPAQ h6315 Pocket PCIBM IBM WebSphere Studio Application Developer V5.1.2IBM ThinkCentre S50IBM ThinkPad X40Motion Computing M1400 Tablet PC with View AnywhereDisplaySymbol technologies Symbol MC 9000 SeriesToshiba Digital Products Toshiba QosmioE15-AV101 Notebook PCToshiba Tecra M2-S5392Toshiba Portg M200 Tablet PCWyse Technologies Wyse Winterm S30Wyse Winterm S50Xplore Technologies iX104R

Enterprise Software

Actuate Actuate 8Akonix Systems Akonix L7 EnterpriseAntepo OPN Client for BlackBerryAutodesk Autodesk Map 3DAutonomy AudentifyBest Software MAS 90 version 4.0Computer Associates Unicenter Desktop DNAComverse Comverse FunDialepicor Epicor for Service Enterprises 8.1Vantage 8.0ePlus Spend+Manage+Content+F5 Networks HiPath OpenScape 2.0Fast Search and Transfer FAST ESPFuture Tech Enterprise ContractOneHewlett-Packard HP OpenView Business Process InsightHP OpenView Operations for WindowsHyland Software OnBase Application EnablerHyperion Hyperion Performance Suite 8.2HyperRoll 4.0 HyperRoll 4.0IBM LotusIBM Lotus Workplace Web Content Management 2.0IBM Lotus Instant Messaging and Web Conferencing 6.5.1Imlogic IM Manager 6.0intraware Intraware SubscribeNet Channel ManagerITM Software ITM Business SuiteJabber Jabber Messenger 3.0Language Analysis Systems InSite 4.0NameParserMacromedia Macromedia BreezeMacromedia FlexMaximizer Software Maximizer Enterprise 8netsuite NetSuiteNovell Novell ZENworks 6.5Novell GroupWise 6.5 (for Linux)Opsware Opsware System 4.5Polycom Polycom WebOffice 6.0Privia Privia CaptureProClarity ProClarity Analytic Server 5.3Raindance Raindance Meeting EditionResources Connection policyIQ Version 5.2Salesforce.com Salesforce.com Enterprise Edition 2.0Salesnet Salesnet Private Label EditionSAP SAP Business One Version 6.7SAQQARA SAQQARA Commerce Data Management (CDM)for e-Procurement 2.5ScriptLogic Desktop Authority 6.0Siemens Information & communications Networks HiPath OpenScape V2.0Stellent Stellent Site StudioSymantec Symantec DeepSight Threat ManagementSystem 6.0SYSPRO SYSPRO Trade Promotion and Deductions Management SystemTech Image OctetString Virtual Directory Engine 3.0TimberlineElectrical Knowledgebase for Timberline Office Model EstimatingVMware VMware VirtualCenterVMware GSX Server 3WebEx Communications WebEx Meeting CenterWebEx Training CenterWebEx SMARTtechWebEx Event CenterWebTrends WebTrends 7

Linux

Apache Apache BeehiveCanon U.S.A. Multifunctional Embedded Application PlatformExcel Meridian Data Sentry LSS-1400 SATAHewlett-Packard HP Compaq Business Notebooknx5000 w/LinuxMozilla Mozilla Firefox 0.9.3Net Integration Technologies Nitix (Autonomic Linux-Based Server Operating System)NetScout Systems nGenius Express ApplianceNovell SuSE Linux Enterprise Server 9Raritan Computer Raritan's Dominion SXVmware VMware VirtualCenterVMware GSX Server 3VMware Workstation 4.5Wyse Technology Wyse Linux V6 O/S for Thin Clients

Mobility

Airespace Airespace Wireless Location ServerAirgo Airgo True MIMO AGN 100AirMagnet AirMagnet SurveyorAirMagnet Mobile 4.0AirMagnet Distributed 4.0Aplicor Aplicor AirwavesBluesocket BlueSecure Intrusion Protection SystemClearOne Communications Max WirelessD-Link Systems DWL-2200APD-Link Air Premier DWL-2700AP Outdoor 802.11g Access PointEverypath Everypath Mobile Task Automation 6.0Gateway Gateway 7000 Series Wireless Access PointsGood Technology GoodLink 3.0 ziAnywhere Xcellenet Afaria Security ManagerXcellenet Afaria Patch ManagerIBM Websphere Everyplace Mobile PortalWorkplace Client Technology, Micro Edition Version 5.7IOGEAR Wireless-G Broadband GatewayiPass iPassConnect 3.0 service interfaceMacromedia Flash Lite 1.1NEC NEC MobilePro900cNetopia Netopia Hot Spot Starter KitNomadix Nomadix Service EngineNovell Novell ZENworks Handheld Management 6.5Phoenix Technologies Phoenix FirstWare AssistantPowerDsine PowerDsine 3006 MidspanPowerHouse Technologies Group MigoPronto Networks Inspira Wi-Fi Hotspot Network Appliance (formerly called Aprisa)RemotePipes IP RoamerSOHOware AeroGuard MIMO Access PointSonicWall SonicWALL SonicPointSymantec Symantec pcANYWHERE 11.0Symbol Symbol WS 2000 Wireless Switch3Com 3Com Wireless LAN Access Point 7250Trapeze Networks MX-8Wavelink Wavelink Mobile Manager v5.7

Peripherals

APC InfraSruXture with Integrated CoolingBelkin 1100VA Small Enterprise Series UPSBenQ America PE8700+FP231WClearOne Communications AccuMic PCCTX Technology F773P772Eaton, Powerware DivisionPowerware 5125 5000 VAPowerware 5125 6000 VAFujitsu Computer Products of AmericaFujitsu fi-5750CFujitsu ScanSnap scanning solution fi-5110EOXHewlett-Packard HP Officejet 9130 all-in-oneLexmark Lexmark C510 Color Laser PrinterLG Electronics RD-JT30f-EngineMEMORYLINK StrongbowMiglia Technology Director's Cut "Take 2"MSE MSE Research and Technology CenterMSE Patented Ultrasonic Welding technologyMSE Patented Laser Cutting TechnologyNec-Mitsubishi Electronics Displayof America NEC MultiSync LCD2060NXNEC LCD4000eOKI Data OKI C5150nPhilips Philips 230W5Planar Planar DS15iPlanar DS15Raritan Computer Raritan's SwitchMan USBSamsung Electronics AmericaSyncMaster 193PSCX-4100CLP-550NSanyo Denki ASE-H N+1 1-5kVA UPSSharp Sharp LL-151-3D LCD DisplaySony ElectronicsSony SuperLite Series Mobile Projector VPL-CX75Sony PFM-42X1 and Sony EBS-N2003M Touch Systems 3M MicroTouch M170 17"LCD Touch Screen MonitorToshibaTDP-T91UTDP-T90UTDP-SW20UTDP-S20UTDP-TW90UXerox Xerox Phaser 8400 Solid Ink PrinterZvetco Biometrics Verifi "One-touch" Biometric Password Replacement System

Security Products

Aventail Aventail EX-750Aventail EX-1500Barracuda Networks Barracuda Spam Firewall 600BigFix BigFix Enterprise Suite 4.0Black Dragon Software proVizor SRM v2.0BlueCat Networks Meridius Security Gatewayappliance v2.22Check Point Software TechnologiesCheck Point InterSpectCipherTrust IronMail 4.5ClearPath Networks SNAP VPNCommtouch Commtouch Anti-Spam 4.0Computer Associates eTrust Antivirus r7.1eTrust Vulnerability Manager r8Computer Supply NetBotzCrossbeam Systems Crossbeam C30Crossbeam C10Decru Decru DataFort 2.0Enterasys Enterasys NetSight Atlas AutomatedSecurity Manager (ASM)Excel Meridian Data AntiVir for ServersFaceTime RTG500F5 Networks TrafficShield v2.7FirePass Controller v5Fortinet Fortinet FortiWiFi-60FrontBridge Technologies FrontBridge Secure EmailHewlett-Packard HP ProCurve Identity Driven ManagerHP ProtectTools Security Manager with HPCredential ManagerHigh Tower Software TowerViewImlogic IM Manager 6.0Imprivata Imprivata OneSign 2.5internet security systemsProventia M30 Integrated Security ApplianceIP Dynamics dynamicVPNIPLocks Database Security Audit SystemIronPort IronPort C10ITM Software Trend Micro OfficeScan Corporate Edition v6.5Juniper Networks IDP 3.0NetScreen-ISG 2000Juniper Networks NetScreen Remote Access500 AppliancesKaseya Kaseya 2004 Enterprise EditionKaseya KBX4000Lancope StealthWatch 4.1Layer 7 Technologies SecureSpanLPI Level Platforms Managed WorkplaceLumeta Ipsonar 3.0MailFrontier MailFrontier Enterprise Gateway 3.0McAfee McAfee VirusScan Enterprise 8.0iMcDATA SANtegrity Security ServicesMX Logic MX Logic Email Defense Service v. 2.5.6N-able Technologies Security Event Manager 1.5Net6 Net6 Hybrid-VPN Gateway 4.0 (H-VPN)Netbotz Wallbotz 500Netilla Networks Netilla Secure GatewayAppliance-C (SGA-C)NetIQ NetIQ Security Administration Suite 5.0NetIQ Security Manager 5.0NetIQ MailMarshal SMTP 6.0NetIQ Vulnerability Manager 5.0Network Engines Steel-Belted Radius/Global Enterprise Edition ApplianceNS 6000Nortel Networks Nortel Networks Alteon Switched Firewall 6614Novell Novell Nsure Identity Manager 2PivX Solutions PivX's Qwik-Fix ProQ1 Labs QRadar 3.0Radware DefenseProRSA RSA Federated Identity ManagerRSA SecurID for Microsoft WindowsSafeNet SafeEnterprise SSL iGateSana Security Primary Response 2.2SCO SCO Office ServerSecureWave Sanctuary Device Controlservgate EdgeForce AccelSonicWALL SonicWall PRO 5060Sourcefire Sourcefire RNA SensorSt. Bernard Software UpdateEXPERT 6.3StarTech.com Server Remote Control External KVM Control Over IP (SV1110IPEXT)Sybari Software Advanced Spam Manager 8.0Antigen for Instant MessagingAntigen 8.0 for Microsoft Exchange and Sybari Enterprise ManagerSymantec Symantec Gateway Security 5400 SeriesSymantec Client Security 2.03M Touch Systems 3M Privacy MonitorTippingPoint TippingPoint's UnityOne IntrusionPrevention SystemTrend Micro Trend Micro InterScan Web Security Suite v2.0Utimaco Safeware SafeGuard LAN CryptVernier Networks Adaptive Security PlatformWatchGuard WatchGuard Firebox XWebsense Websense Enterprise v5.2Websense Client Policy Manager

Storage

Aberdeen Aberdeen XDASAberNAS by AberdeenAberNAS by AberdeenAberdeen TeraStorus X524Adaptec Adaptec iSA1500 Storage ArrayAsigra Asigra Televaulting for EnterprisesBakbone NetVault Support for MAC OS XNetVault 7Brocade Brocade SilkWorm Multiprotocol RouterCertance Certance CP 3100CMS Products BounceBack Professional Version 6.0ABSplus 100GBComputer Associates BrightStor ARCServe BackupData Domain Data Domain 200EMC EMC CLARiiON AX100Emulex LightPulse LP101EqualLogic PeerStorage Array 100EExabyte VXA-2 PacketLoader 1x10 1UExcel Meridian Data DataShare x21SecurStor 16 SATADataNAS DirectorFalconStor Software FalconStor IPStor EnterpriseEditionFalconStor iSCSI Storage Server for Windows Storage Server 2003 (iSCSI Storage Server)FalconStor VirtualTape Library ApplianceFujifilm Fujifilm 3592 Enterprise Tape CartridgeFujitsu Computer Products of AmericaMHU2100ATMHT-BHMAU3147MAT3300Hewlett-Packard HP OpenView Storage DataProtector 5.5HP OpenView Storage Area Manager v3.2HP StorageWorks Reference Information Storage System HP StorageWorks NAS 1500sModular Smart Array 1500HP ProLiant iSCSI Feature PackHP StorageWorks Modular Smart Array 1500 csHP StorageWorks ESL E-series libraries (models 712e and 630e)Hitachi GST Ultrastar 10k300 hard disk driveIBM The IBM TotalStorage SAN File System V2.1IBM TotalStorage SAN Volume Controller V1.2Intradyn BackAgain Software for WindowsComplianceVault Email Archiving& Retrieval AppliancesRocketVault Backup and Archiving AppliancesIOGEAR COMBO 3.5" ION DriveIomega EV 35GB 1394/FireWire DriveIomega NAS 200dIomega REV 35GB/90GB USB 2.0 driveIomega NAS 100dLeftHand Networks LeftHand SANLG Electronics Super-Multi 12xLiveVault LiveVault Online Backup andRecovery Service, Version 4.3LSI Logic MegaRAID SCSI 320-2EMaxtor Atlas 10K VMaxxan Systems MAXXAN MXV500McDATA SANavigator 4.1Eclipse 1620Miglia MediaBank HS-RNetScout Systems nGenius Performance Management SolutionNetwork Appliance NetApp FAS980NetApp NearStore R200Network Engines Data Management ApplianceNS 8000Nexsan Technologies NEXSAN ATAboy2xNovell Novell iFolder 2.1Onaro SANscreenOverland Storage Overland REO 4000Quantum Quantum DX100 enhanced backup systemSANRAD SANRAD iSCSI V-Switch 2000SEPATON SEPATON S2100-DSSEPATON S2100-ESSony Electronics Sony Electronics Professional Disc for DATA (ProDATA) DriveSony Electronics SAIT-1 DriveStoractive Storactive LiveServ for ExchangeStorageTek Backup Resource MonitorStorageTek Virtual Storage Manager (VSM) 4StorageTek StreamLine SL8500 modular library systemStorageTek StreamLine SL500 modular library systemString Bean Software WinTarget v1.1Sun Microsystems Sun Microsystems StorEdge 6920Sun Microsystems StorEdge 6920Symantec Symantec V2i Protector 2.0SysDM WysDM for BackupsTek-Tools Tek-Tools ProfilerRx v 3.53Ware for AMCC 3Ware 9000 SeriesTroika Networks Troika Accelera Powered byStoreAge SVMVERITAS VERITAS Storage Foundation 4.0Western Digital WD RaptorWD Caviar RAID Edition (RE)

Telephony and Networking

Allot Communications NetRealityNetEnforcerAsoka USA PlugLAN Network SolutionAT&T AT&T CallVantageSM ServiceAvaya Avaya IP Office " Small Office EditionBAFO Technologies Messenger Call BoxBelkin Remote IP ConsoleWireless Pre-N RouterBlueCat Networks Adonis DNS Appliance[TM] 2.0BridgeWave Communications GE60 Wireless Gigabit Ethernet LinkCisco IEEE 802.3af Power over Ethernet (PoE) standard across the Catalyst Intelligent Switching portfolioClearOne Communications RAVMax EXComdial CONVERSip MP1000 Media PlatformCymphonix Bandwidth ComposerF5 Networks BIG-IP v9.0Force10 Networks Force10 TeraScale Generation E-SeriesIBM IBM Tivoli Enterprise Console v3.9IBM eServer BladeCenter TInfoblox Infoblox DNS One 3.0Lantronix WiBoxLumenVox LV Speech TunerSpeech Driven Information System (SDIS) v4.0MGE UPS SYSTEMS Pulsar EX RT 3200 Fuel Cell UPSN-able Technologies N-vision 1.5N-central 3.6NEC Express5800/1020Ba BladeNEC Disaster Recovery Fault Tolerant (FT) SolutionNetScaler NetScaler 9000 Series Secure Application Delivery SystemNetScout Systems nGenius Performance Management SolutionNortel Networks BayStack 5520 SwitchesNortel Networks MultimediaCommunication Server 5100NVIDIA nForce3 ProfessionalPeribit SR-100SM-500Pingtel SIPxchangePolycom Polycom VSX 8000Polycom SoundStation2WPolycom VSX 3000Qwest Communications Qwest OneFlex Hosted IP TelephonyRaritan Computer Raritan's Dominion KXRaritan's CommandCenter 2.0Rendition Networks TrueControl V3.1Rockwell FirstPoint Contact FirstPoint Enterprise leveraging Cisco CallManagerSCO SCO OpenServer 5.0.7 with Supplement 33Com 3Com Network Director3Com IntelliJack Switch NJ2203Com SuperStack 3 Switch 3200ViewSonicViewSonic Wireless Media Kit WMG120-B1Voyence VoyenceControl! 3.0Zultys TechnologiesZultys ZIP 4x5—IP TelephoneZultys MX250—Enterprise Media Exchange


GSSAPI Authentication and Kerberos v5 | killexams.com real questions and Pass4sure dumps

This chapter is from the book 

This section discusses the GSSAPI mechanism, in particular, Kerberos v5 and how this works in conjunction with the Sun ONE Directory Server 5.2 software and what is involved in implementing such a solution. Please be aware that this is not a trivial task.

It’s worth taking a brief look at the relationship between the Generic Security Services Application Program Interface (GSSAPI) and Kerberos v5.

The GSSAPI does not actually provide security services itself. Rather, it is a framework that provides security services to callers in a generic fashion, with a range of underlying mechanisms and technologies such as Kerberos v5. The current implementation of the GSSAPI only works with the Kerberos v5 security mechanism. The best way to think about the relationship between GSSAPI and Kerberos is in the following manner: GSSAPI is a network authentication protocol abstraction that allows Kerberos credentials to be used in an authentication exchange. Kerberos v5 must be installed and running on any system on which GSSAPI-aware programs are running.

The support for the GSSAPI is made possible in the directory server through the introduction of a new SASL library, which is based on the Cyrus CMU implementation. Through this SASL framework, DIGEST-MD5 is supported as explained previously, and GSSAPI which implements Kerberos v5. Additional GSSAPI mechanisms do exist. For example, GSSAPI with SPNEGO support would be GSS-SPNEGO. Other GSS mechanism names are based on the GSS mechanisms OID.

The Sun ONE Directory Server 5.2 software only supports the use of GSSAPI on Solaris OE. There are implementations of GSSAPI for other operating systems (for example, Linux), but the Sun ONE Directory Server 5.2 software does not use them on platforms other than the Solaris OE.

Understanding GSSAPI

The Generic Security Services Application Program Interface (GSSAPI) is a standard interface, defined by RFC 2743, that provides a generic authentication and secure messaging interface, whereby these security mechanisms can be plugged in. The most commonly referred to GSSAPI mechanism is the Kerberos mechanism that is based on secret key cryptography.

One of the main aspects of GSSAPI is that it allows developers to add secure authentication and privacy (encryption and or integrity checking) protection to data being passed over the wire by writing to a single programming interface. This is shown in FIGURE 3-2.

03fig02.gifFigure 3-2. GSSAPI Layers

The underlying security mechanisms are loaded at the time the programs are executed, as opposed to when they are compiled and built. In practice, the most commonly used GSSAPI mechanism is Kerberos v5. The Solaris OE provides a few different flavors of Diffie-Hellman GSSAPI mechanisms, which are only useful to NIS+ applications.

What can be confusing is that developers might write applications that write directly to the Kerberos API, or they might write GSSAPI applications that request the Kerberos mechanism. There is a big difference, and applications that talk Kerberos directly cannot communicate with those that talk GSSAPI. The wire protocols are not compatible, even though the underlying Kerberos protocol is in use. An example is telnet with Kerberos is a secure telnet program that authenticates a telnet user and encrypts data, including passwords exchanged over the network during the telnet session. The authentication and message protection features are provided using Kerberos. The telnet application with Kerberos only uses Kerberos, which is based on secret-key technology. However, a telnet program written to the GSSAPI interface can use Kerberos as well as other security mechanisms supported by GSSAPI.

The Solaris OE does not deliver any libraries that provide support for third-party companies to program directly to the Kerberos API. The goal is to encourage developers to use the GSSAPI. Many open-source Kerberos implementations (MIT, Heimdal) allow users to write Kerberos applications directly.

On the wire, the GSSAPI is compatible with Microsoft’s SSPI and thus GSSAPI applications can communicate with Microsoft applications that use SSPI and Kerberos.

The GSSAPI is preferred because it is a standardized API, whereas Kerberos is not. This means that the MIT Kerberos development team might change the programming interface anytime, and any applications that exist today might not work in the future without some code modifications. Using GSSAPI avoids this problem.

Another benefit of GSSAPI is its pluggable feature, which is a big benefit, especially if a developer later decides that there is a better authentication method than Kerberos, because it can easily be plugged into the system and the existing GSSAPI applications should be able to use it without being recompiled or patched in any way.

Understanding Kerberos v5

Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography. Originally developed at the Massachusetts Institute of Technology, it is included in the Solaris OE to provide strong authentication for Solaris OE network applications.

In addition to providing a secure authentication protocol, Kerberos also offers the ability to add privacy support (encrypted data streams) for remote applications such as telnet, ftp, rsh, rlogin, and other common UNIX network applications. In the Solaris OE, Kerberos can also be used to provide strong authentication and privacy support for Network File Systems (NFS), allowing secure and private file sharing across the network.

Because of its widespread acceptance and implementation in other operating systems, including Windows 2000, HP-UX, and Linux, the Kerberos authentication protocol can interoperate in a heterogeneous environment, allowing users on machines running one OS to securely authenticate themselves on hosts of a different OS.

The Kerberos software is available for Solaris OE versions 2.6, 7, 8, and 9 in a separate package called the Sun Enterprise Authentication Mechanism (SEAM) software. For Solaris 2.6 and Solaris 7 OE, Sun Enterprise Authentication Mechanism software is included as part of the Solaris Easy Access Server 3.0 (Solaris SEAS) package. For Solaris 8 OE, the Sun Enterprise Authentication Mechanism software package is available with the Solaris 8 OE Admin Pack.

For Solaris 2.6 and Solaris 7 OE, the Sun Enterprise Authentication Mechanism software is freely available as part of the Solaris Easy Access Server 3.0 package available for download from:

http://www.sun.com/software/solaris/7/ds/ds-seas.

For Solaris 8 OE systems, Sun Enterprise Authentication Mechanism software is available in the Solaris 8 OE Admin Pack, available for download from:

http://www.sun.com/bigadmin/content/adminPack/index.html.

For Solaris 9 OE systems, Sun Enterprise Authentication Mechanism software is already installed by default and contains the following packages listed in TABLE 3-1.

Table 3-1. Solaris 9 OE Kerberos v5 Packages

Package Name

Description

SUNWkdcr

Kerberos v5 KDC (root)

SUNWkdcu

Kerberos v5 Master KDC (user)

SUNWkrbr

Kerberos version 5 support (Root)

SUNWkrbu

Kerberos version 5 support (Usr)

SUNWkrbux

Kerberos version 5 support (Usr) (64-bit)

All of these Sun Enterprise Authentication Mechanism software distributions are based on the MIT KRB5 Release version 1.0. The client programs in these distributions are compatible with later MIT releases (1.1, 1.2) and with other implementations that are compliant with the standard.

How Kerberos Works

The following is an overview of the Kerberos v5 authentication system. From the user’s standpoint, Kerberos v5 is mostly invisible after the Kerberos session has been started. Initializing a Kerberos session often involves no more than logging in and providing a Kerberos password.

The Kerberos system revolves around the concept of a ticket. A ticket is a set of electronic information that serves as identification for a user or a service such as the NFS service. Just as your driver’s license identifies you and indicates what driving permissions you have, so a ticket identifies you and your network access privileges. When you perform a Kerberos-based transaction (for example, if you use rlogin to log in to another machine), your system transparently sends a request for a ticket to a Key Distribution Center, or KDC. The KDC accesses a database to authenticate your identity and returns a ticket that grants you permission to access the other machine. Transparently means that you do not need to explicitly request a ticket.

Tickets have certain attributes associated with them. For example, a ticket can be forwardable (which means that it can be used on another machine without a new authentication process), or postdated (not valid until a specified time). How tickets are used (for example, which users are allowed to obtain which types of tickets) is set by policies that are determined when Kerberos is installed or administered.

You will frequently see the terms credential and ticket. In the Kerberos world, they are often used interchangeably. Technically, however, a credential is a ticket plus the session key for that session.

Initial Authentication

Kerberos authentication has two phases, an initial authentication that allows for all subsequent authentications, and the subsequent authentications themselves.

A client (a user, or a service such as NFS) begins a Kerberos session by requesting a ticket-granting ticket (TGT) from the Key Distribution Center (KDC). This request is often done automatically at login.

A ticket-granting ticket is needed to obtain other tickets for specific services. Think of the ticket-granting ticket as something similar to a passport. Like a passport, the ticket-granting ticket identifies you and allows you to obtain numerous “visas,” where the “visas” (tickets) are not for foreign countries, but for remote machines or network services. Like passports and visas, the ticket-granting ticket and the other various tickets have limited lifetimes. The difference is that Kerberized commands notice that you have a passport and obtain the visas for you. You don’t have to perform the transactions yourself.

The KDC creates a ticket-granting ticket and sends it back, in encrypted form, to the client. The client decrypts the ticket-granting ticket using the client’s password.

Now in possession of a valid ticket-granting ticket, the client can request tickets for all sorts of network operations for as long as the ticket-granting ticket lasts. This ticket usually lasts for a few hours. Each time the client performs a unique network operation, it requests a ticket for that operation from the KDC.

Subsequent Authentications

The client requests a ticket for a particular service from the KDC by sending the KDC its ticket-granting ticket as proof of identity.

  • The KDC sends the ticket for the specific service to the client.

    For example, suppose user lucy wants to access an NFS file system that has been shared with krb5 authentication required. Since she is already authenticated (that is, she already has a ticket-granting ticket), as she attempts to access the files, the NFS client system automatically and transparently obtains a ticket from the KDC for the NFS service.

  • The client sends the ticket to the server.

    When using the NFS service, the NFS client automatically and transparently sends the ticket for the NFS service to the NFS server.

  • The server allows the client access.

    These steps make it appear that the server doesn’t ever communicate with the KDC. The server does, though, as it registers itself with the KDC, just as the first client does.

  • Principals

    A client is identified by its principal. A principal is a unique identity to which the KDC can assign tickets. A principal can be a user, such as joe, or a service, such as NFS.

    By convention, a principal name is divided into three parts: the primary, the instance, and the realm. A typical principal could be, for example, lucy/admin@EXAMPLE.COM, where:

    lucy is the primary. The primary can be a user name, as shown here, or a service, such as NFS. The primary can also be the word host, which signifies that this principal is a service principal that is set up to provide various network services.

    admin is the instance. An instance is optional in the case of user principals, but it is required for service principals. For example, if the user lucy sometimes acts as a system administrator, she can use lucy/admin to distinguish herself from her usual user identity. Likewise, if Lucy has accounts on two different hosts, she can use two principal names with different instances (for example, lucy/california.example.com and lucy/boston.example.com).

    Realms

    A realm is a logical network, similar to a domain, which defines a group of systems under the same master KDC. Some realms are hierarchical (one realm being a superset of the other realm). Otherwise, the realms are non-hierarchical (or direct) and the mapping between the two realms must be defined.

    Realms and KDC Servers

    Each realm must include a server that maintains the master copy of the principal database. This server is called the master KDC server. Additionally, each realm should contain at least one slave KDC server, which contains duplicate copies of the principal database. Both the master KDC server and the slave KDC server create tickets that are used to establish authentication.

    Understanding the Kerberos KDC

    The Kerberos Key Distribution Center (KDC) is a trusted server that issues Kerberos tickets to clients and servers to communicate securely. A Kerberos ticket is a block of data that is presented as the user’s credentials when attempting to access a Kerberized service. A ticket contains information about the user’s identity and a temporary encryption key, all encrypted in the server’s private key. In the Kerberos environment, any entity that is defined to have a Kerberos identity is referred to as a principal.

    A principal may be an entry for a particular user, host, or service (such as NFS or FTP) that is to interact with the KDC. Most commonly, the KDC server system also runs the Kerberos Administration Daemon, which handles administrative commands such as adding, deleting, and modifying principals in the Kerberos database. Typically, the KDC, the admin server, and the database are all on the same machine, but they can be separated if necessary. Some environments may require that multiple realms be configured with master KDCs and slave KDCs for each realm. The principals applied for securing each realm and KDC should be applied to all realms and KDCs in the network to ensure that there isn’t a single weak link in the chain.

    One of the first steps to take when initializing your Kerberos database is to create it using the kdb5_util command, which is located in /usr/sbin. When running this command, the user has the choice of whether to create a stash file or not. The stash file is a local copy of the master key that resides on the KDC’s local disk. The master key contained in the stash file is generated from the master password that the user enters when first creating the KDC database. The stash file is used to authenticate the KDC to itself automatically before starting the kadmind and krb5kdc daemons (for example, as part of the machine’s boot sequence).

    If a stash file is not used when the database is created, the administrator who starts up the krb5kdc process will have to manually enter the master key (password) every time they start the process. This may seem like a typical trade off between convenience and security, but if the rest of the system is sufficiently hardened and protected, very little security is lost by having the master key stored in the protected stash file. It is recommended that at least one slave KDC server be installed for each realm to ensure that a backup is available in the event that the master server becomes unavailable, and that slave KDC be configured with the same level of security as the master.

    Currently, the Sun Kerberos v5 Mechanism utility, kdb5_util, can create three types of keys, DES-CBC-CRC, DES-CBC-MD5, and DES-CBC-RAW. DES-CBC stands for DES encryption with Cipher Block Chaining and the CRC, MD5, and RAW designators refer to the checksum algorithm that is used. By default, the key created will be DES-CBC-CRC, which is the default encryption type for the KDC. The type of key created is specified on the command line with the -k option (see the kdb5_util (1M) man page). Choose the password for your stash file very carefully, because this password can be used in the future to decrypt the master key and modify the database. The password may be up to 1024 characters long and can include any combination of letters, numbers, punctuation, and spaces.

    The following is an example of creating a stash file:

    kdc1 #/usr/sbin/kdb5_util create -r EXAMPLE.COM -s Initializing database '/var/krb5/principal' for realm 'EXAMPLE.COM' master key name 'K/M@EXAMPLE.COM' You will be prompted for the database Master Password. It is important that you NOT FORGET this password. Enter KDC database master key: master_key Re-enter KDC database master key to verify: master_key

    Notice the use of the -s argument to create the stash file. The location of the stash file is in the /var/krb5. The stash file appears with the following mode and ownership settings:

    kdc1 # cd /var/krb5 kdc1 # ls -l -rw------- 1 root other 14 Apr 10 14:28 .k5.EXAMPLE.COM

    The directory used to store the stash file and the database should not be shared or exported.

    Secure Settings in the KDC Configuration File

    The KDC and Administration daemons both read configuration information from /etc/krb5/kdc.conf. This file contains KDC-specific parameters that govern overall behavior for the KDC and for specific realms. The parameters in the kdc.conf file are explained in detail in the kdc.conf(4) man page.

    The kdc.conf parameters describe locations of various files and ports to use for accessing the KDC and the administration daemon. These parameters generally do not need to be changed, and doing so does not result in any added security. However, there are some parameters that may be adjusted to enhance the overall security of the KDC. The following are some examples of adjustable parameters that enhance security.

  • kdc_ports – Defines the ports that the KDC will listen on to receive requests. The standard port for Kerberos v5 is 88. 750 is included and commonly used to support older clients that still use the default port designated for Kerberos v4. Solaris OE still listens on port 750 for backwards compatibility. This is not considered a security risk.

  • max_life – Defines the maximum lifetime of a ticket, and defaults to eight hours. In environments where it is desirable to have users re-authenticate frequently and to reduce the chance of having a principal’s credentials stolen, this value should be lowered. The recommended value is eight hours.

  • max_renewable_life – Defines the period of time from when a ticket is issued that it may be renewed (using kinit -R). The standard value here is 7 days. To disable renewable tickets, this value may be set to 0 days, 0 hrs, 0 min. The recommended value is 7d 0h 0m 0s.

  • default_principal_expiration – A Kerberos principal is any unique identity to which Kerberos can assign a ticket. In the case of users, it is the same as the UNIX system user name. The default lifetime of any principal in the realm may be defined in the kdc.conf file with this option. This should be used only if the realm will contain temporary principals, otherwise the administrator will have to constantly be renewing principals. Usually, this setting is left undefined and principals do not expire. This is not insecure as long as the administrator is vigilant about removing principals for users that no longer need access to the systems.

  • supported_enctypes – The encryption types supported by the KDC may be defined with this option. At this time, Sun Enterprise Authentication Mechanism software only supports des-cbc-crc:normal encryption type, but in the future this may be used to ensure that only strong cryptographic ciphers are used.

  • dict_file – The location of a dictionary file containing strings that are not allowed as passwords. A principal with any password policy (see below) will not be able to use words found in this dictionary file. This is not defined by default. Using a dictionary file is a good way to prevent users from creating trivial passwords to protect their accounts, and thus helps avoid one of the most common weaknesses in a computer network-guessable passwords. The KDC will only check passwords against the dictionary for principals which have a password policy association, so it is good practice to have at least one simple policy associated with all principals in the realm.

  • The Solaris OE has a default system dictionary that is used by the spell program that may also be used by the KDC as a dictionary of common passwords. The location of this file is: /usr/share/lib/dict/words. Other dictionaries may be substituted. The format is one word or phrase per line.

    The following is a Kerberos v5 /etc/krb5/kdc.conf example with suggested settings:

    # Copyright 1998-2002 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # #ident "@(#)kdc.conf 1.2 02/02/14 SMI" [kdcdefaults] kdc_ports = 88,750 [realms] ___default_realm___ = { profile = /etc/krb5/krb5.conf database_name = /var/krb5/principal admin_keytab = /etc/krb5/kadm5.keytab acl_file = /etc/krb5/kadm5.acl kadmind_port = 749 max_life = 8h 0m 0s max_renewable_life = 7d 0h 0m 0s default_principal_flags = +preauth Needs moving -- dict_file = /usr/share/lib/dict/words } Access Control

    The Kerberos administration server allows for granular control of the administrative commands by use of an access control list (ACL) file (/etc/krb5/kadm5.acl). The syntax for the ACL file allows for wildcarding of principal names so it is not necessary to list every single administrator in the ACL file. This feature should be used with great care. The ACLs used by Kerberos allow privileges to be broken down into very precise functions that each administrator can perform. If a certain administrator only needs to be allowed to have read-access to the database then that person should not be granted full admin privileges. Below is a list of the privileges allowed:

  • a – Allows the addition of principals or policies in the database.

  • A – Prohibits the addition of principals or policies in the database.

  • d – Allows the deletion of principals or policies in the database.

  • D – Prohibits the deletion of principals or policies in the database.

  • m – Allows the modification of principals or policies in the database.

  • M – Prohibits the modification of principals or policies in the database.

  • c – Allows the changing of passwords for principals in the database.

  • C – Prohibits the changing of passwords for principals in the database.

  • i – Allows inquiries to the database.

  • I – Prohibits inquiries to the database.

  • l – Allows the listing of principals or policies in the database.

  • L – Prohibits the listing of principals or policies in the database.

  • * – Short for all privileges (admcil).

  • x – Short for all privileges (admcil). Identical to *.

  • Adding Administrators

    After the ACLs are set up, actual administrator principals should be added to the system. It is strongly recommended that administrative users have separate /admin principals to use only when administering the system. For example, user Lucy would have two principals in the database - lucy@REALM and lucy/admin@REALM. The /admin principal would only be used when administering the system, not for getting ticket-granting-tickets (TGTs) to access remote services. Using the /admin principal only for administrative purposes minimizes the chance of someone walking up to Joe’s unattended terminal and performing unauthorized administrative commands on the KDC.

    Kerberos principals may be differentiated by the instance part of their principal name. In the case of user principals, the most common instance identifier is /admin. It is standard practice in Kerberos to differentiate user principals by defining some to be /admin instances and others to have no specific instance identifier (for example, lucy/admin@REALM versus lucy@REALM). Principals with the /admin instance identifier are assumed to have administrative privileges defined in the ACL file and should only be used for administrative purposes. A principal with an /admin identifier which does not match up with any entries in the ACL file will not be granted any administrative privileges, it will be treated as a non-privileged user principal. Also, user principals with the /admin identifier are given separate passwords and separate permissions from the non-admin principal for the same user.

    The following is a sample /etc/krb5/kadm5.acl file:

    # Copyright (c) 1998-2000 by Sun Microsystems, Inc. # All rights reserved. # #pragma ident "@(#)kadm5.acl 1.1 01/03/19 SMI" # lucy/admin is given full administrative privilege lucy/admin@EXAMPLE.COM * # # tom/admin user is allowed to query the database (d), listing principals # (l), and changing user passwords (c) # tom/admin@EXAMPLE.COM dlc

    It is highly recommended that the kadm5.acl file be tightly controlled and that users be granted only the privileges they need to perform their assigned tasks.

    Creating Host Keys

    Creating host keys for systems in the realm such as slave KDCs is performed the same way that creating user principals is performed. However, the -randkey option should always be used, so no one ever knows the actual key for the hosts. Host principals are almost always stored in the keytab file, to be used by root-owned processes that wish to act as Kerberos services for the local host. It is rarely necessary for anyone to actually know the password for a host principal because the key is stored safely in the keytab and is only accessible by root-owned processes, never by actual users.

    When creating keytab files, the keys should always be extracted from the KDC on the same machine where the keytab is to reside using the ktadd command from a kadmin session. If this is not feasible, take great care in transferring the keytab file from one machine to the next. A malicious attacker who possesses the contents of the keytab file could use these keys from the file in order to gain access to another user or services credentials. Having the keys would then allow the attacker to impersonate whatever principal that the key represented and further compromise the security of that Kerberos realm. Some suggestions for transferring the keytab are to use Kerberized, encrypted ftp transfers, or to use the secure file transfer programs scp or sftp offered with the SSH package (http://www.openssh.org). Another safe method is to place the keytab on a removable disk, and hand-deliver it to the destination.

    Hand delivery does not scale well for large installations, so using the Kerberized ftp daemon is perhaps the most convenient and secure method available.

    Using NTP to Synchronize Clocks

    All servers participating in the Kerberos realm need to have their system clocks synchronized to within a configurable time limit (default 300 seconds). The safest, most secure way to systematically synchronize the clocks on a network of Kerberos servers is by using the Network Time Protocol (NTP) service. The Solaris OE comes with an NTP client and NTP server software (SUNWntpu package). See the ntpdate(1M) and xntpd(1M) man pages for more information on the individual commands. For more information on configuring NTP, refer to the following Sun BluePrints OnLine NTP articles:

    It is critical that the time be synchronized in a secure manner. A simple denial of service attack on either a client or a server would involve just skewing the time on that system to be outside of the configured clock skew value, which would then prevent anyone from acquiring TGTs from that system or accessing Kerberized services on that system. The default clock-skew value of five minutes is the maximum recommended value.

    The NTP infrastructure must also be secured, including the use of server hardening for the NTP server and application of NTP security features. Using the Solaris Security Toolkit software (formerly known as JASS) with the secure.driver script to create a minimal system and then installing just the necessary NTP software is one such method. The Solaris Security Toolkit software is available at:

    http://www.sun.com/security/jass/

    Documentation on the Solaris Security Toolkit software is available at:

    http://www.sun.com/security/blueprints

    Establishing Password Policies

    Kerberos allows the administrator to define password policies that can be applied to some or all of the user principals in the realm. A password policy contains definitions for the following parameters:

  • Minimum Password Length – The number of characters in the password, for which the recommended value is 8.

  • Maximum Password Classes – The number of different character classes that must be used to make up the password. Letters, numbers, and punctuation are the three classes and valid values are 1, 2, and 3. The recommended value is 2.

  • Saved Password History – The number of previous passwords that have been used by the principal that cannot be reused. The recommended value is 3.

  • Minimum Password Lifetime (seconds) – The minimum time that the password must be used before it can be changed. The recommended value is 3600 (1 hour).

  • Maximum Password Lifetime (seconds) – The maximum time that the password can be used before it must be changed. The recommended value is 7776000 (90 days).

  • These values can be set as a group and stored as a single policy. Different policies can be defined for different principals. It is recommended that the minimum password length be set to at least 8 and that at least 2 classes be required. Most people tend to choose easy-to-remember and easy-to-type passwords, so it is a good idea to at least set up policies to encourage slightly more difficult-to-guess passwords through the use of these parameters. Setting the Maximum Password Lifetime value may be helpful in some environments, to force people to change their passwords periodically. The period is up to the local administrator according to the overriding corporate security policy used at that particular site. Setting the Saved Password History value combined with the Minimum Password Lifetime value prevents people from simply switching their password several times until they get back to their original or favorite password.

    The maximum password length supported is 255 characters, unlike the UNIX password database which only supports up to 8 characters. Passwords are stored in the KDC encrypted database using the KDC default encryption method, DES-CBC-CRC. In order to prevent password guessing attacks, it is recommended that users choose long passwords or pass phrases. The 255 character limit allows one to choose a small sentence or easy to remember phrase instead of a simple one-word password.

    It is possible to use a dictionary file that can be used to prevent users from choosing common, easy-to-guess words (see “Secure Settings in the KDC Configuration File” on page 70). The dictionary file is only used when a principal has a policy association, so it is highly recommended that at least one policy be in effect for all principals in the realm.

    The following is an example password policy creation:

    If you specify a kadmin command without specifying any options, kadmin displays the syntax (usage information) for that command. The following code box shows this, followed by an actual add_policy command with options.

    kadmin: add_policy usage: add_policy [options] policy options are: [-maxlife time] [-minlife time] [-minlength length] [-minclasses number] [-history number] kadmin: add_policy -minlife "1 hour" -maxlife "90 days" -minlength 8 -minclasses 2 -history 3 passpolicy kadmin: get_policy passpolicy Policy: passpolicy Maximum password life: 7776000 Minimum password life: 3600 Minimum password length: 8 Minimum number of password character classes: 2 Number of old keys kept: 3 Reference count: 0

    This example creates a password policy called passpolicy which enforces a maximum password lifetime of 90 days, minimum length of 8 characters, a minimum of 2 different character classes (letters, numbers, punctuation), and a password history of 3.

    To apply this policy to an existing user, modify the following:

    kadmin: modprinc -policy passpolicy lucyPrincipal "lucy@EXAMPLE.COM" modified.

    To modify the default policy that is applied to all user principals in a realm, change the following:

    kadmin: modify_policy -maxlife "90 days" -minlife "1 hour" -minlength 8 -minclasses 2 -history 3 default kadmin: get_policy default Policy: default Maximum password life: 7776000 Minimum password life: 3600 Minimum password length: 8 Minimum number of password character classes: 2 Number of old keys kept: 3 Reference count: 1

    The Reference count value indicates how many principals are configured to use the policy.

    The default policy is automatically applied to all new principals that are not given the same password as the principal name when they are created. Any account with a policy assigned to it is uses the dictionary (defined in the dict_file parameter in /etc/krb5/kdc.conf) to check for common passwords.

    Backing Up a KDC

    Backups of a KDC system should be made regularly or according to local policy. However, backups should exclude the /etc/krb5/krb5.keytab file. If the local policy requires that backups be done over a network, then these backups should be secured either through the use of encryption or possibly by using a separate network interface that is only used for backup purposes and is not exposed to the same traffic as the non-backup network traffic. Backup storage media should always be kept in a secure, fireproof location.

    Monitoring the KDC

    Once the KDC is configured and running, it should be continually and vigilantly monitored. The Sun Kerberos v5 software KDC logs information into the /var/krb5/kdc.log file, but this location can be modified in the /etc/krb5/krb5.conf file, in the logging section.

    [logging] default = FILE:/var/krb5/kdc.log kdc = FILE:/var/krb5/kdc.log

    The KDC log file should have read and write permissions for the root user only, as follows:

    -rw------ 1 root other 750 25 May 10 17:55 /var/krb5/kdc.log Kerberos Options

    The /etc/krb5/krb5.conf file contains information that all Kerberos applications use to determine what server to talk to and what realm they are participating in. Configuring the krb5.conf file is covered in the Sun Enterprise Authentication Mechanism Software Installation Guide. Also refer to the krb5.conf(4) man page for a full description of this file.

    The appdefaults section in the krb5.conf file contains parameters that control the behavior of many Kerberos client tools. Each tool may have its own section in the appdefaults section of the krb5.conf file.

    Many of the applications that use the appdefaults section, use the same options; however, they might be set in different ways for each client application.

    Kerberos Client Applications

    The following Kerberos applications can have their behavior modified through the user of options set in the appdefaults section of the /etc/krb5/krb5.conf file or by using various command-line arguments. These clients and their configuration settings are described below.

    kinit

    The kinit client is used by people who want to obtain a TGT from the KDC. The /etc/krb5/krb5.conf file supports the following kinit options: renewable, forwardable, no_addresses, max_life, max_renewable_life and proxiable.

    telnet

    The Kerberos telnet client has many command-line arguments that control its behavior. Refer to the man page for complete information. However, there are several interesting security issues involving the Kerberized telnet client.

    The telnet client uses a session key even after the service ticket which it was derived from has expired. This means that the telnet session remains active even after the ticket originally used to gain access, is no longer valid. This is insecure in a strict environment, however, the trade off between ease of use and strict security tends to lean in favor of ease-of-use in this situation. It is recommended that the telnet connection be re-initialized periodically by disconnecting and reconnecting with a new ticket. The overall lifetime of a ticket is defined by the KDC (/etc/krb5/kdc.conf), normally defined as eight hours.

    The telnet client allows the user to forward a copy of the credentials (TGT) used to authenticate to the remote system using the -f and -F command-line options. The -f option sends a non-forwardable copy of the local TGT to the remote system so that the user can access Kerberized NFS mounts or other local Kerberized services on that system only. The -F option sends a forwardable TGT to the remote system so that the TGT can be used from the remote system to gain further access to other remote Kerberos services beyond that point. The -F option is a superset of -f. If the Forwardable and or forward options are set to false in the krb5.conf file, these command-line arguments can be used to override those settings, thus giving individuals the control over whether and how their credentials are forwarded.

    The -x option should be used to turn on encryption for the data stream. This further protects the session from eavesdroppers. If the telnet server does not support encryption, the session is closed. The /etc/krb5/krb5.conf file supports the following telnet options: forward, forwardable, encrypt, and autologin. The autologin [true/false] parameter tells the client to try and attempt to log in without prompting the user for a user name. The local user name is passed on to the remote system in the telnet negotiations.

    rlogin and rsh

    The Kerberos rlogin and rsh clients behave much the same as their non-Kerberized equivalents. Because of this, it is recommended that if they are required to be included in the network files such as /etc/hosts.equiv and .rhosts that the root users directory be removed. The Kerberized versions have the added benefit of using Kerberos protocol for authentication and can also use Kerberos to protect the privacy of the session using encryption.

    Similar to telnet described previously, the rlogin and rsh clients use a session key after the service ticket which it was derived from has expired. Thus, for maximum security, rlogin and rsh sessions should be re-initialized periodically. rlogin uses the -f, -F, and -x options in the same fashion as the telnet client. The /etc/krb5/krb5.conf file supports the following rlogin options: forward, forwardable, and encrypt.

    Command-line options override configuration file settings. For example, if the rsh section in the krb5.conf file indicates encrypt false, but the -x option is used on the command line, an encrypted session is used.

    rcp

    Kerberized rcp can be used to transfer files securely between systems using Kerberos authentication and encryption (with the -x command-line option). It does not prompt for passwords, the user must already have a valid TGT before using rcp if they wish to use the encryption feature. However, beware if the -x option is not used and no local credentials are available, the rcp session will revert to the standard, non-Kerberized (and insecure) rcp behavior. It is highly recommended that users always use the -x option when using the Kerberized rcp client.The /etc/krb5/krb5.conf file supports the encrypt [true/false] option.

    login

    The Kerberos login program (login.krb5) is forked from a successful authentication by the Kerberized telnet daemon or the Kerberized rlogin daemon. This Kerberos login daemon is separate from the standard Solaris OE login daemon and thus, the standard Solaris OE features such as BSM auditing are not yet supported when using this daemon. The /etc/krb5/krb5.conf file supports the krb5_get_tickets [true/false] option. If this option is set to true, then the login program will generate a new Kerberos ticket (TGT) for the user upon proper authentication.

    ftp

    The Sun Enterprise Authentication Mechanism (SEAM) version of the ftp client uses the GSSAPI (RFC 2743) with Kerberos v5 as the default mechanism. This means that it uses Kerberos authentication and (optionally) encryption through the Kerberos v5 GSS mechanism. The only Kerberos-related command-line options are -f and -m. The -f option is the same as described above for telnet (there is no need for a -F option). -m allows the user to specify an alternative GSS mechanism if so desired, the default is to use the kerberos_v5 mechanism.

    The protection level used for the data transfer can be set using the protect command at the ftp prompt. Sun Enterprise Authentication Mechanism software ftp supports the following protection levels:

  • Clear unprotected, unencrypted transmission

  • Safe data is integrity protected using cryptographic checksums

  • Private data is transmitted with confidentiality and integrity using encryption

  • It is recommended that users set the protection level to private for all data transfers. The ftp client program does not support or reference the krb5.conf file to find any optional parameters. All ftp client options are passed on the command line. See the man page for the Kerberized ftp client, ftp(1).

    In summary, adding Kerberos to a network can increase the overall security available to the users and administrators of that network. Remote sessions can be securely authenticated and encrypted, and shared disks can be secured and encrypted across the network. In addition, Kerberos allows the database of user and service principals to be managed securely from any machine which supports the SEAM software Kerberos protocol. SEAM is interoperable with other RFC 1510 compliant Kerberos implementations such as MIT Krb5 and some MS Windows 2000 Active Directory services. Adopting the practices recommended in this section further secure the SEAM software infrastructure to help ensure a safer network environment.

    Implementing the Sun ONE Directory Server 5.2 Software and the GSSAPI Mechanism

    This section provides a high-level overview, followed by the in-depth procedures that describe the setup necessary to implement the GSSAPI mechanism and the Sun ONE Directory Server 5.2 software. This implementation assumes a realm of EXAMPLE.COM for this purpose. The following list gives an initial high-level overview of the steps required, with the next section providing the detailed information.

  • Setup DNS on the client machine. This is an important step because Kerberos requires DNS.

  • Install and configure the Sun ONE Directory Server version 5.2 software.

  • Check that the directory server and client both have the SASL plug-ins installed.

  • Install and configure Kerberos v5.

  • Edit the /etc/krb5/krb5.conf file.

  • Edit the /etc/krb5/kdc.conf file.

  • Edit the /etc/krb5/kadm5.acl file.

  • Move the kerberos_v5 line so it is the first line in the /etc/gss/mech file.

  • Create new principals using kadmin.local, which is an interactive commandline interface to the Kerberos v5 administration system.

  • Modify the rights for /etc/krb5/krb5.keytab. This access is necessary for the Sun ONE Directory Server 5.2 software.

  • Run /usr/sbin/kinit.

  • Check that you have a ticket with /usr/bin/klist.

  • Perform an ldapsearch, using the ldapsearch command-line tool from the Sun ONE Directory Server 5.2 software to test and verify.

  • The sections that follow fill in the details.

    Configuring a DNS Client

    To be a DNS client, a machine must run the resolver. The resolver is neither a daemon nor a single program. It is a set of dynamic library routines used by applications that need to know machine names. The resolver’s function is to resolve users’ queries. To do that, it queries a name server, which then returns either the requested information or a referral to another server. Once the resolver is configured, a machine can request DNS service from a name server.

    The following example shows you how to configure the resolv.conf(4) file in the server kdc1 in the example.com domain.

    ; ; /etc/resolv.conf file for dnsmaster ; domain example.com nameserver 192.168.0.0 nameserver 192.168.0.1

    The first line of the /etc/resolv.conf file lists the domain name in the form:

    domain domainname

    No spaces or tabs are permitted at the end of the domain name. Make sure that you press return immediately after the last character of the domain name.

    The second line identifies the server itself in the form:

    nameserver IP_address

    Succeeding lines list the IP addresses of one or two slave or cache-only name servers that the resolver should consult to resolve queries. Name server entries have the form:

    nameserver IP_address

    IP_address is the IP address of a slave or cache-only DNS name server. The resolver queries these name servers in the order they are listed until it obtains the information it needs.

    For more detailed information of what the resolv.conf file does, refer to the resolv.conf(4) man page.

    To Configure Kerberos v5 (Master KDC)

    In the this procedure, the following configuration parameters are used:

  • Realm name = EXAMPLE.COM

  • DNS domain name = example.com

  • Master KDC = kdc1.example.com

  • admin principal = lucy/admin

  • Online help URL = http://example:8888/ab2/coll.384.1/SEAM/@AB2PageView/6956

  • This procedure requires that DNS is running.

    Before you begin this configuration process, make a backup of the /etc/krb5 files.

  • Become superuser on the master KDC. (kdc1, in this example)

  • Edit the Kerberos configuration file (krb5.conf).

    You need to change the realm names and the names of the servers. See the krb5.conf(4) man page for a full description of this file.

    kdc1 # more /etc/krb5/krb5.conf [libdefaults] default_realm = EXAMPLE.COM [realms] EXAMPLE.COM = { kdc = kdc1.example.com admin server = kdc1.example.com } [domain_realm] .example.com = EXAMPLE.COM [logging] default = FILE:/var/krb5/kdc.log kdc = FILE:/var/krb5/kdc.log [appdefaults] gkadmin = { help_url = http://example:8888/ab2/coll.384.1/SEAM/@AB2PageView/6956 }

    In this example, the lines for domain_realm, kdc, admin_server, and all domain_realm entries were changed. In addition, the line with ___slave_kdcs___ in the [realms] section was deleted and the line that defines the help_url was edited.

  • Edit the KDC configuration file (kdc.conf).

    You must change the realm name. See the kdc.conf( 4) man page for a full description of this file.

    kdc1 # more /etc/krb5/kdc.conf [kdcdefaults] kdc_ports = 88,750 [realms] EXAMPLE.COM= { profile = /etc/krb5/krb5.conf database_name = /var/krb5/principal admin_keytab = /etc/krb5/kadm5.keytab acl_file = /etc/krb5/kadm5.acl kadmind_port = 749 max_life = 8h 0m 0s max_renewable_life = 7d 0h 0m 0s Need moving ---------> default_principal_flags = +preauth }

    In this example, only the realm name definition in the [realms] section is changed.

  • Create the KDC database by using the kdb5_util command.

    The kdb5_util command, which is located in /usr/sbin, creates the KDC database. When used with the -s option, this command creates a stash file that is used to authenticate the KDC to itself before the kadmind and krb5kdc daemons are started.

    kdc1 # /usr/sbin/kdb5_util create -r EXAMPLE.COM -s Initializing database '/var/krb5/principal' for realm 'EXAMPLE.COM' master key name 'K/M@EXAMPLE.COM' You will be prompted for the database Master Password. It is important that you NOT FORGET this password. Enter KDC database master key: key Re-enter KDC database master key to verify: key

    The -r option followed by the realm name is not required if the realm name is equivalent to the domain name in the server’s name space.

  • Edit the Kerberos access control list file (kadm5.acl).

    Once populated, the /etc/krb5/kadm5.acl file contains all principal names that are allowed to administer the KDC. The first entry that is added might look similar to the following:

    lucy/admin@EXAMPLE.COM *

    This entry gives the lucy/admin principal in the EXAMPLE.COM realm the ability to modify principals or policies in the KDC. The default installation includes an asterisk (*) to match all admin principals. This default could be a security risk, so it is more secure to include a list of all of the admin principals. See the kadm5.acl(4) man page for more information.

  • Edit the /etc/gss/mech file.

    The /etc/gss/mech file contains the GSSAPI based security mechanism names, its object identifier (OID), and a shared library that implements the services for that mechanism under the GSSAPI. Change the following from:

    # Mechanism Name Object Identifier Shared Library Kernel Module # diffie_hellman_640_0 1.3.6.4.1.42.2.26.2.4 dh640-0.so.1 diffie_hellman_1024_0 1.3.6.4.1.42.2.26.2.5 dh1024-0.so.1 kerberos_v5 1.2.840.113554.1.2.2 gl/mech_krb5.so gl_kmech_krb5

    To the following:

    # Mechanism Name Object Identifier Shared Library Kernel Module # kerberos_v5 1.2.840.113554.1.2.2 gl/mech_krb5.so gl_kmech_krb5 diffie_hellman_640_0 1.3.6.4.1.42.2.26.2.4 dh640-0.so.1 diffie_hellman_1024_0 1.3.6.4.1.42.2.26.2.5 dh1024-0.so.1
  • Run the kadmin.local command to create principals.

    You can add as many admin principals as you need. But you must add at least one admin principal to complete the KDC configuration process. In the following example, lucy/admin is added as the principal.

    kdc1 # /usr/sbin/kadmin.local kadmin.local: addprinc lucy/admin Enter password for principal "lucy/admin@EXAMPLE.COM": Re-enter password for principal "lucy/admin@EXAMPLE.COM": Principal "lucy/admin@EXAMPLE.COM" created. kadmin.local:
  • Create a keytab file for the kadmind service.

    The following command sequence creates a special keytab file with principal entries for lucy and tom. These principals are needed for the kadmind service. In addition, you can optionally add NFS service principals, host principals, LDAP principals, and so on.

    When the principal instance is a host name, the fully qualified domain name (FQDN) must be entered in lowercase letters, regardless of the case of the domain name in the /etc/resolv.conf file.

    kadmin.local: ktadd -k /etc/krb5/kadm5.keytab kadmin/kdc1.example.com Entry for principal kadmin/kdc1.example.com with kvno 3, encryption type DES-CBC-CRC added to keytab WRFILE:/etc/krb5/kadm5.keytab. kadmin.local: ktadd -k /etc/krb5/kadm5.keytab changepw/kdc1.example.com Entry for principal changepw/kdc1.example.com with kvno 3, encryption type DES-CBC-CRC added to keytab WRFILE:/etc/krb5/kadm5.keytab. kadmin.local:

    Once you have added all of the required principals, you can exit from kadmin.local as follows:

    kadmin.local: quit
  • Start the Kerberos daemons as shown:

    kdc1 # /etc/init.d/kdc start kdc1 # /etc/init.d/kdc.master start

    Note

    You stop the Kerberos daemons by running the following commands:

    kdc1 # /etc/init.d/kdc stop kdc1 # /etc/init.d/kdc.master stop
  • Add principals by using the SEAM Administration Tool.

    To do this, you must log on with one of the admin principal names that you created earlier in this procedure. However, the following command-line example is shown for simplicity.

    kdc1 # /usr/sbin/kadmin -p lucy/admin Enter password: kws_admin_password kadmin:
  • Create the master KDC host principal which is used by Kerberized applications such as klist and kprop.

    kadmin: addprinc -randkey host/kdc1.example.com Principal "host/kdc1.example.com@EXAMPLE.COM" created. kadmin:
  • (Optional) Create the master KDC root principal which is used for authenticated NFS mounting.

    kadmin: addprinc root/kdc1.example.com Enter password for principal root/kdc1.example.com@EXAMPLE.COM: password Re-enter password for principal root/kdc1.example.com@EXAMPLE.COM: password Principal "root/kdc1.example.com@EXAMPLE.COM" created. kadmin:
  • Add the master KDC’s host principal to the master KDC’s keytab file which allows this principal to be used automatically.

    kadmin: ktadd host/kdc1.example.com kadmin: Entry for principal host/kdc1.example.com with ->kvno 3, encryption type DES-CBC-CRC added to keytab ->WRFILE:/etc/krb5/krb5.keytab kadmin:

    Once you have added all of the required principals, you can exit from kadmin as follows:

    kadmin: quit
  • Run the kinit command to obtain and cache an initial ticket-granting ticket (credential) for the principal.

    This ticket is used for authentication by the Kerberos v5 system. kinit only needs to be run by the client at this time. If the Sun ONE directory server were a Kerberos client also, this step would need to be done for the server. However, you may want to use this to verify that Kerberos is up and running.

    kdclient # /usr/bin/kinit root/kdclient.example.com Password for root/kdclient.example.com@EXAMPLE.COM: passwd
  • Check and verify that you have a ticket with the klist command.

    The klist command reports if there is a keytab file and displays the principals. If the results show that there is no keytab file or that there is no NFS service principal, you need to verify the completion of all of the previous steps.

    # klist -k Keytab name: FILE:/etc/krb5/krb5.keytab KVNO Principal ---- ------------------------------------------------------------------ 3 nfs/host.example.com@EXAMPLE.COM

    The example given here assumes a single domain. The KDC may reside on the same machine as the Sun ONE directory server for testing purposes, but there are security considerations to take into account on where the KDCs reside.

  • With regards to the configuration of Kerberos v5 in conjunction with the Sun ONE Directory Server 5.2 software, you are finished with the Kerberos v5 part. It’s now time to look at what is required to be configured on the Sun ONE directory server side.

    Sun ONE Directory Server 5.2 GSSAPI Configuration

    As previously discussed, the Generic Security Services Application Program Interface (GSSAPI), is standard interface that enables you to use a security mechanism such as Kerberos v5 to authenticate clients. The server uses the GSSAPI to actually validate the identity of a particular user. Once this user is validated, it’s up to the SASL mechanism to apply the GSSAPI mapping rules to obtain a DN that is the bind DN for all operations during the connection.

    The first item discussed is the new identity mapping functionality.

    The identity mapping service is required to map the credentials of another protocol, such as SASL DIGEST-MD5 and GSSAPI to a DN in the directory server. As you will see in the following example, the identity mapping feature uses the entries in the cn=identity mapping, cn=config configuration branch, whereby each protocol is defined and whereby each protocol must perform the identity mapping. For more information on the identity mapping feature, refer to the Sun ONE Directory Server 5.2 Documents.

    To Perform the GSSAPI Configuration for the Sun ONE Directory Server Software
  • Check and verify, by retrieving the rootDSE entry, that the GSSAPI is returned as one of the supported SASL Mechanisms.

    Example of using ldapsearch to retrieve the rootDSE and get the supported SASL mechanisms:

    $./ldapsearch -h directoryserver_hostname -p ldap_port -b "" -s base "(objectclass=*)" supportedSASLMechanisms supportedSASLMechanisms=EXTERNAL supportedSASLMechanisms=GSSAPI supportedSASLMechanisms=DIGEST-MD5
  • Verify that the GSSAPI mechanism is enabled.

    By default, the GSSAPI mechanism is enabled.

    Example of using ldapsearch to verify that the GSSAPI SASL mechanism is enabled:

    $./ldapsearch -h directoryserver_hostname -p ldap_port -D"cn=Directory Manager" -w password -b "cn=SASL, cn=security,cn= config" "(objectclass=*)" # # Should return # cn=SASL, cn=security, cn=config objectClass=top objectClass=nsContainer objectClass=dsSaslConfig cn=SASL dsSaslPluginsPath=/var/Sun/mps/lib/sasl dsSaslPluginsEnable=DIGEST-MD5 dsSaslPluginsEnable=GSSAPI
  • Create and add the GSSAPI identity-mapping.ldif.

    Add the LDIF shown below to the Sun ONE Directory Server so that it contains the correct suffix for your directory server.

    You need to do this because by default, no GSSAPI mappings are defined in the Sun ONE Directory Server 5.2 software.

    Example of a GSSAPI identity mapping LDIF file:

    # dn: cn=GSSAPI,cn=identity mapping,cn=config objectclass: nsContainer objectclass: top cn: GSSAPI dn: cn=default,cn=GSSAPI,cn=identity mapping,cn=config objectclass: dsIdentityMapping objectclass: nsContainer objectclass: top cn: default dsMappedDN: uid=${Principal},ou=people,dc=example,dc=com dn: cn=same_realm,cn=GSSAPI,cn=identity mapping,cn=config objectclass: dsIdentityMapping objectclass: dsPatternMatching objectclass: nsContainer objectclass: top cn: same_realm dsMatching-pattern: ${Principal} dsMatching-regexp: (.*)@example.com dsMappedDN: uid=$1,ou=people,dc=example,dc=com

    It is important to make use of the ${Principal} variable, because it is the only input you have from SASL in the case of GSSAPI. Either you need to build a dn using the ${Principal} variable or you need to perform pattern matching to see if you can apply a particular mapping. A principal corresponds to the identity of a user in Kerberos.

    You can find an example GSSAPI LDIF mappings files in ServerRoot/slapdserver/ldif/identityMapping_Examples.ldif.

    The following is an example using ldapmodify to do this:

    $./ldapmodify -a -c -h directoryserver_hostname -p ldap_port -D "cn=Directory Manager" -w password -f identity-mapping.ldif -e /var/tmp/ldif.rejects 2> /var/tmp/ldapmodify.log
  • Perform a test using ldapsearch.

    To perform this test, type the following ldapsearch command as shown below, and answer the prompt with the kinit value you previously defined.

    Example of using ldapsearch to test the GSSAPI mechanism:

    $./ldapsearch -h directoryserver_hostname -p ldap_port -o mech=GSSAPI -o authzid="root/hostname.domainname@EXAMPLE.COM" -b "" -s base "(objectclass=*)"

    The output that is returned should be the same as without the -o option.

    If you do not use the -h hostname option, the GSS code ends up looking for a localhost.domainname Kerberos ticket, and an error occurs.



  • Direct Download of over 5500 Certification Exams

    3COM [8 Certification Exam(s) ]
    AccessData [1 Certification Exam(s) ]
    ACFE [1 Certification Exam(s) ]
    ACI [3 Certification Exam(s) ]
    Acme-Packet [1 Certification Exam(s) ]
    ACSM [4 Certification Exam(s) ]
    ACT [1 Certification Exam(s) ]
    Admission-Tests [13 Certification Exam(s) ]
    ADOBE [93 Certification Exam(s) ]
    AFP [1 Certification Exam(s) ]
    AICPA [2 Certification Exam(s) ]
    AIIM [1 Certification Exam(s) ]
    Alcatel-Lucent [13 Certification Exam(s) ]
    Alfresco [1 Certification Exam(s) ]
    Altiris [3 Certification Exam(s) ]
    Amazon [2 Certification Exam(s) ]
    American-College [2 Certification Exam(s) ]
    Android [4 Certification Exam(s) ]
    APA [1 Certification Exam(s) ]
    APC [2 Certification Exam(s) ]
    APICS [2 Certification Exam(s) ]
    Apple [69 Certification Exam(s) ]
    AppSense [1 Certification Exam(s) ]
    APTUSC [1 Certification Exam(s) ]
    Arizona-Education [1 Certification Exam(s) ]
    ARM [1 Certification Exam(s) ]
    Aruba [8 Certification Exam(s) ]
    ASIS [2 Certification Exam(s) ]
    ASQ [3 Certification Exam(s) ]
    ASTQB [8 Certification Exam(s) ]
    Autodesk [2 Certification Exam(s) ]
    Avaya [101 Certification Exam(s) ]
    AXELOS [1 Certification Exam(s) ]
    Axis [1 Certification Exam(s) ]
    Banking [1 Certification Exam(s) ]
    BEA [5 Certification Exam(s) ]
    BICSI [2 Certification Exam(s) ]
    BlackBerry [17 Certification Exam(s) ]
    BlueCoat [2 Certification Exam(s) ]
    Brocade [4 Certification Exam(s) ]
    Business-Objects [11 Certification Exam(s) ]
    Business-Tests [4 Certification Exam(s) ]
    CA-Technologies [20 Certification Exam(s) ]
    Certification-Board [10 Certification Exam(s) ]
    Certiport [3 Certification Exam(s) ]
    CheckPoint [43 Certification Exam(s) ]
    CIDQ [1 Certification Exam(s) ]
    CIPS [4 Certification Exam(s) ]
    Cisco [318 Certification Exam(s) ]
    Citrix [48 Certification Exam(s) ]
    CIW [18 Certification Exam(s) ]
    Cloudera [10 Certification Exam(s) ]
    Cognos [19 Certification Exam(s) ]
    College-Board [2 Certification Exam(s) ]
    CompTIA [76 Certification Exam(s) ]
    ComputerAssociates [6 Certification Exam(s) ]
    Consultant [2 Certification Exam(s) ]
    Counselor [4 Certification Exam(s) ]
    CPP-Institute [4 Certification Exam(s) ]
    CSP [1 Certification Exam(s) ]
    CWNA [1 Certification Exam(s) ]
    CWNP [13 Certification Exam(s) ]
    CyberArk [1 Certification Exam(s) ]
    Dassault [2 Certification Exam(s) ]
    DELL [11 Certification Exam(s) ]
    DMI [1 Certification Exam(s) ]
    DRI [1 Certification Exam(s) ]
    ECCouncil [22 Certification Exam(s) ]
    ECDL [1 Certification Exam(s) ]
    EMC [128 Certification Exam(s) ]
    Enterasys [13 Certification Exam(s) ]
    Ericsson [5 Certification Exam(s) ]
    ESPA [1 Certification Exam(s) ]
    Esri [2 Certification Exam(s) ]
    ExamExpress [15 Certification Exam(s) ]
    Exin [40 Certification Exam(s) ]
    ExtremeNetworks [3 Certification Exam(s) ]
    F5-Networks [20 Certification Exam(s) ]
    FCTC [2 Certification Exam(s) ]
    Filemaker [9 Certification Exam(s) ]
    Financial [36 Certification Exam(s) ]
    Food [4 Certification Exam(s) ]
    Fortinet [14 Certification Exam(s) ]
    Foundry [6 Certification Exam(s) ]
    FSMTB [1 Certification Exam(s) ]
    Fujitsu [2 Certification Exam(s) ]
    GAQM [9 Certification Exam(s) ]
    Genesys [4 Certification Exam(s) ]
    GIAC [15 Certification Exam(s) ]
    Google [4 Certification Exam(s) ]
    GuidanceSoftware [2 Certification Exam(s) ]
    H3C [1 Certification Exam(s) ]
    HDI [9 Certification Exam(s) ]
    Healthcare [3 Certification Exam(s) ]
    HIPAA [2 Certification Exam(s) ]
    Hitachi [30 Certification Exam(s) ]
    Hortonworks [4 Certification Exam(s) ]
    Hospitality [2 Certification Exam(s) ]
    HP [752 Certification Exam(s) ]
    HR [4 Certification Exam(s) ]
    HRCI [1 Certification Exam(s) ]
    Huawei [21 Certification Exam(s) ]
    Hyperion [10 Certification Exam(s) ]
    IAAP [1 Certification Exam(s) ]
    IAHCSMM [1 Certification Exam(s) ]
    IBM [1533 Certification Exam(s) ]
    IBQH [1 Certification Exam(s) ]
    ICAI [1 Certification Exam(s) ]
    ICDL [6 Certification Exam(s) ]
    IEEE [1 Certification Exam(s) ]
    IELTS [1 Certification Exam(s) ]
    IFPUG [1 Certification Exam(s) ]
    IIA [3 Certification Exam(s) ]
    IIBA [2 Certification Exam(s) ]
    IISFA [1 Certification Exam(s) ]
    Intel [2 Certification Exam(s) ]
    IQN [1 Certification Exam(s) ]
    IRS [1 Certification Exam(s) ]
    ISA [1 Certification Exam(s) ]
    ISACA [4 Certification Exam(s) ]
    ISC2 [6 Certification Exam(s) ]
    ISEB [24 Certification Exam(s) ]
    Isilon [4 Certification Exam(s) ]
    ISM [6 Certification Exam(s) ]
    iSQI [7 Certification Exam(s) ]
    ITEC [1 Certification Exam(s) ]
    Juniper [65 Certification Exam(s) ]
    LEED [1 Certification Exam(s) ]
    Legato [5 Certification Exam(s) ]
    Liferay [1 Certification Exam(s) ]
    Logical-Operations [1 Certification Exam(s) ]
    Lotus [66 Certification Exam(s) ]
    LPI [24 Certification Exam(s) ]
    LSI [3 Certification Exam(s) ]
    Magento [3 Certification Exam(s) ]
    Maintenance [2 Certification Exam(s) ]
    McAfee [8 Certification Exam(s) ]
    McData [3 Certification Exam(s) ]
    Medical [68 Certification Exam(s) ]
    Microsoft [375 Certification Exam(s) ]
    Mile2 [3 Certification Exam(s) ]
    Military [1 Certification Exam(s) ]
    Misc [1 Certification Exam(s) ]
    Motorola [7 Certification Exam(s) ]
    mySQL [4 Certification Exam(s) ]
    NBSTSA [1 Certification Exam(s) ]
    NCEES [2 Certification Exam(s) ]
    NCIDQ [1 Certification Exam(s) ]
    NCLEX [3 Certification Exam(s) ]
    Network-General [12 Certification Exam(s) ]
    NetworkAppliance [39 Certification Exam(s) ]
    NI [1 Certification Exam(s) ]
    NIELIT [1 Certification Exam(s) ]
    Nokia [6 Certification Exam(s) ]
    Nortel [130 Certification Exam(s) ]
    Novell [37 Certification Exam(s) ]
    OMG [10 Certification Exam(s) ]
    Oracle [282 Certification Exam(s) ]
    P&C [2 Certification Exam(s) ]
    Palo-Alto [4 Certification Exam(s) ]
    PARCC [1 Certification Exam(s) ]
    PayPal [1 Certification Exam(s) ]
    Pegasystems [12 Certification Exam(s) ]
    PEOPLECERT [4 Certification Exam(s) ]
    PMI [15 Certification Exam(s) ]
    Polycom [2 Certification Exam(s) ]
    PostgreSQL-CE [1 Certification Exam(s) ]
    Prince2 [6 Certification Exam(s) ]
    PRMIA [1 Certification Exam(s) ]
    PsychCorp [1 Certification Exam(s) ]
    PTCB [2 Certification Exam(s) ]
    QAI [1 Certification Exam(s) ]
    QlikView [1 Certification Exam(s) ]
    Quality-Assurance [7 Certification Exam(s) ]
    RACC [1 Certification Exam(s) ]
    Real Estate [1 Certification Exam(s) ]
    Real-Estate [1 Certification Exam(s) ]
    RedHat [8 Certification Exam(s) ]
    RES [5 Certification Exam(s) ]
    Riverbed [8 Certification Exam(s) ]
    RSA [15 Certification Exam(s) ]
    Sair [8 Certification Exam(s) ]
    Salesforce [5 Certification Exam(s) ]
    SANS [1 Certification Exam(s) ]
    SAP [98 Certification Exam(s) ]
    SASInstitute [15 Certification Exam(s) ]
    SAT [1 Certification Exam(s) ]
    SCO [10 Certification Exam(s) ]
    SCP [6 Certification Exam(s) ]
    SDI [3 Certification Exam(s) ]
    See-Beyond [1 Certification Exam(s) ]
    Siemens [1 Certification Exam(s) ]
    Snia [7 Certification Exam(s) ]
    SOA [15 Certification Exam(s) ]
    Social-Work-Board [4 Certification Exam(s) ]
    SpringSource [1 Certification Exam(s) ]
    SUN [63 Certification Exam(s) ]
    SUSE [1 Certification Exam(s) ]
    Sybase [17 Certification Exam(s) ]
    Symantec [135 Certification Exam(s) ]
    Teacher-Certification [4 Certification Exam(s) ]
    The-Open-Group [8 Certification Exam(s) ]
    TIA [3 Certification Exam(s) ]
    Tibco [18 Certification Exam(s) ]
    Trainers [3 Certification Exam(s) ]
    Trend [1 Certification Exam(s) ]
    TruSecure [1 Certification Exam(s) ]
    USMLE [1 Certification Exam(s) ]
    VCE [6 Certification Exam(s) ]
    Veeam [2 Certification Exam(s) ]
    Veritas [33 Certification Exam(s) ]
    Vmware [58 Certification Exam(s) ]
    Wonderlic [2 Certification Exam(s) ]
    Worldatwork [2 Certification Exam(s) ]
    XML-Master [3 Certification Exam(s) ]
    Zend [6 Certification Exam(s) ]





    References :


    Dropmark : http://killexams.dropmark.com/367904/12051622
    Dropmark-Text : http://killexams.dropmark.com/367904/12928053
    Blogspot : http://killexamsbraindump.blogspot.com/2018/01/ensure-your-success-with-this-000-886.html
    Wordpress : https://wp.me/p7SJ6L-2As
    Box.net : https://app.box.com/s/f10a55acyuryra3kqrue22keom3on20n






    Back to Main Page





    Killexams exams | Killexams certification | Pass4Sure questions and answers | Pass4sure | pass-guaratee | best test preparation | best training guides | examcollection | killexams | killexams review | killexams legit | kill example | kill example journalism | kill exams reviews | kill exam ripoff report | review | review quizlet | review login | review archives | review sheet | legitimate | legit | legitimacy | legitimation | legit check | legitimate program | legitimize | legitimate business | legitimate definition | legit site | legit online banking | legit website | legitimacy definition | pass 4 sure | pass for sure | p4s | pass4sure certification | pass4sure exam | IT certification | IT Exam | certification material provider | pass4sure login | pass4sure exams | pass4sure reviews | pass4sure aws | pass4sure security | pass4sure cisco | pass4sure coupon | pass4sure dumps | pass4sure cissp | pass4sure braindumps | pass4sure test | pass4sure torrent | pass4sure download | pass4surekey | pass4sure cap | pass4sure free | examsoft | examsoft login | exams | exams free | examsolutions | exams4pilots | examsoft download | exams questions | examslocal | exams practice |

    www.pass4surez.com | www.killcerts.com | www.search4exams.com | http://smresidences.com.ph/