alfs authentication protocol: requirements

Jeremy Huntwork jhuntwork at
Mon Nov 28 08:45:49 PST 2005

pak_lfs at wrote:
> My requirements from the alfs authentication protocol, please comment.
> 1. At all times, the client must be sure that they are talking to a specific
> server and not another random machine which just looks like this server and
> seems to have the same ip/hostname. (Identification).


> 2. At all times, the server must be sure that both it is talking to its *one 
> and only* client *and* that behind this client is its *one and only* 
> administrator (authorization). In particular, given that whoever manages to 
> impersonate the client/admin combination gets in effect unlimited privileges 
> on *all* the servers, this must be *much* harder to accomplish than 
> impersonating the server.

Agreed - tentatively. I would like to point out that this shouldn't be 
done exclusively by identifying a particular machine (though possibly we 
could set it up that way in a conf file - you could disallow access from 
a range of ips or perhaps only accept from a specific ip or a specific 
hardware address). For example, perhaps you start the build from a 
client running on one machine. You have to leave for a bit, but later 
want to connect via another machine and see the progress. This should be 
a possibility.

> 3. For this protocol to be convenient enough for its typical use case (one 
> client multiple servers), there must be a *single* authentication token 
> authenticating the client to all server. I.e., the admin should not be forced 
> to supply a different password for each server. More generally, the amount of 
> authentication resources (passwords, keys, certificates, whatever) per 
> machine must be kept to a bare minimum.

Sounds reasonable.

> 4. The protocol must be largely based on existing solutions as much as 
> possible, in order to be implementable. We don't want to reinvent TLS, as I 
> don't think we would improve it. On the other hand, we want to keep the 
> number of external dependencies as small as possible (most probably, at most 
> one).


> 5. Some users, in some cases may use this protocol over slow lines (e.g., It 
> happens several times that I would have to do administration work on the lab 
> machines(alfs servers), from my laptop at home, through a lousy 56k (god help 
> if its even 56k!) dialup. So, reducing latency and keeping roundrips to a 
> minimum is a *good thing*, though I realise that this requirement has the 
> lowest priority.

Yep. :)


More information about the alfs-discuss mailing list