Copyright ©1997-1998 by Axel T. Schreiner.  All Rights Reserved.



11
Security

Authentication




mount is normally used to let two systems communicate. This raises the question of mutual identification. Inferno solves this problem with the Certification Authority, i.e., with logind.

Server and client are each personally known to the CA, independently of one another, and each has secretly deposited a password there. Using that password, each runs getauthinfo to obtain across the net from logind a certificate documenting its own identity. The certificates are stored in keyring/default for the user running the server and in keyring/net!machine for the user of the client who wants to execute mount.

During the mount command the function auth() exchanges information from the certificates. The function is symmetrical for server and client:

include "keyring.m";

kr := load Keyring Keyring->PATH;
if (kr == nil)
    sys->print("cannot load Keyring module\n");

# certificate stored earlier by getauthinfo
authinfo := kr->readauthinfo("/usr/axel/keyring/net!$FILESERVER");
if (authinfo != nil)
    # username: the peer's name at the CA; secret: temporary key
    (username, secret) := kr->auth(fd, authinfo, 0);

The server thus receives the name under which the client is identified at the CA, and it uses this name to determine the client's access privileges.

It should be noted that all these exchanges employ algorithms (such as Diffie-Hellman's secure key exchange) that do not require passwords to be sent across the network.



Security

The Secure Socket Layer is a filter that can be pushed like a pipeline onto a ref FD:

include "sys.m";
include "security.m";

sys := load Sys Sys->PATH;
# make the SSL device (#D) available at /n/ssl
if (sys->bind("#D", "/n/ssl", Sys->MREPL) < 0)
    ...

ssl := load SSL SSL->PATH;

(err, conn) := ssl->connect(fd);
if (err != nil)
    sys->print("cannot push SSL: %s\n", err);
else if ((err = ssl->secret(conn, secret, secret)) != nil)
    sys->print("cannot set secret: %s\n", err);
else if (sys->fprint(conn.cfd, "alg clear") < 0)
    sys->print("cannot set alg clear: %r\n");
else
    return conn.dfd;

fd is the original connection; the result is the secure connection. secret is a temporary key that was obtained during execution of auth(). It is not likely that clear is the algorithm of choice...
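
The two fragments above combined into one routine, as an added example that is not from the original text: it stops at the first failed step and refuses to continue with alg clear. The module name SecureConn, the function secure() and its parameters are hypothetical; that auth() reports failure with a nil secret and the error text in place of the name is an assumption.

```limbo
implement SecureConn;	# hypothetical module name

include "sys.m";
	sys: Sys;
include "keyring.m";
	kr: Keyring;
include "security.m";
	ssl: SSL;

SecureConn: module
{
	secure: fn(fd: ref Sys->FD, keyfile, alg: string): (ref Sys->FD, string, string);
};

# Returns (secure connection, peer's name at the CA, nil) or (nil, nil, error).
secure(fd: ref Sys->FD, keyfile, alg: string): (ref Sys->FD, string, string)
{
	sys = load Sys Sys->PATH;
	kr = load Keyring Keyring->PATH;
	ssl = load SSL SSL->PATH;
	if(kr == nil || ssl == nil)
		return (nil, nil, "cannot load Keyring or SSL module");
	# clear applies no encryption, so the caller must name another algorithm.
	if(alg == nil || alg == "clear")
		return (nil, nil, "no algorithm other than clear given");

	authinfo := kr->readauthinfo(keyfile);
	if(authinfo == nil)
		return (nil, nil, sys->sprint("cannot read %s: %r", keyfile));
	# Assumption: a failed auth() yields a nil secret and an error text as the name.
	(username, secret) := kr->auth(fd, authinfo, 0);
	if(secret == nil)
		return (nil, nil, "authentication failed: " + username);

	if(sys->bind("#D", "/n/ssl", Sys->MREPL) < 0)
		return (nil, nil, sys->sprint("cannot bind #D: %r"));
	(err, conn) := ssl->connect(fd);
	if(err != nil)
		return (nil, nil, "cannot push SSL: " + err);
	if((err = ssl->secret(conn, secret, secret)) != nil)
		return (nil, nil, "cannot set secret: " + err);
	if(sys->fprint(conn.cfd, "alg %s", alg) < 0)
		return (nil, nil, sys->sprint("cannot set alg %s: %r", alg));
	return (conn.dfd, username, nil);
}
```

The caller gets a usable connection only when the third element is nil, so the unprotected fd is never used by mistake after a failed step.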

11/May/1998