alfs authentication protocol: requirements
jhuntwork at linuxfromscratch.org
Mon Nov 28 08:45:49 PST 2005
pak_lfs at freemail.gr wrote:
> My requirements from the alfs authentication protocol, please comment.
> 1. At all times, the client must be sure that they are talking to a specific
> server and not another random machine which just looks like this server and
> seems to have the same ip/hostname. (Identification).
> 2. At all times, the server must be sure that both it is talking to its *one
> and only* client *and* that behind this client is its *one and only*
> administrator (authorization). In particular, given that whoever manages to
> impersonate the client/admin combination gets in effect unlimited privileges
> on *all* the servers, this must be *much* harder to accomplish than
> impersonating the server.
Agreed - tentatively. I would like to point out that this shouldn't be
done exclusively by identifying a particular machine (though possibly we
could set it up that way in a conf file - you could disallow access from
a range of ips or perhaps only accept from a specific ip or a specific
hardware address). For example, perhaps you start the build from a
client running on one machine. You have to leave for a bit, but later
want to connect via another machine and see the progress. This should be
> 3. For this protocol to be convenient enough for its typical use case (one
> client multiple servers), there must be a *single* authentication token
> authenticating the client to all servers. I.e., the admin should not be forced
> to supply a different password for each server. More generally, the amount of
> authentication resources (passwords, keys, certificates, whatever) per
> machine must be kept to a bare minimum.
> 4. The protocol must be largely based on existing solutions as much as
> possible, in order to be implementable. We don't want to reinvent TLS, as I
> don't think we would improve it. On the other hand, we want to keep the
> number of external dependencies as small as possible (most probably, at most
> 5. Some users, in some cases, may use this protocol over slow lines (e.g., it
> happens several times that I would have to do administration work on the lab
> machines (alfs servers), from my laptop at home, through a lousy 56k (god help
> if it's even 56k!) dialup). So, reducing latency and keeping roundtrips to a
> minimum is a *good thing*, though I realise that this requirement has the
> lowest priority.