[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [gomd-devel] Post-beta Authentication roundup
|
From: |
Matthias Rechenburg |
|
Subject: |
Re: [gomd-devel] Post-beta Authentication roundup |
|
Date: |
Wed, 1 Oct 2003 00:41:43 +0200 |
|
User-agent: |
KMail/1.4.3 |
Hi Roeles,
in short ;) i like your approach ....... and i hope that i does not make
it too complicated. We need to discuss it alltogether in a chat session
i guess to find the right solution for the gomd.
On Dienstag 30 September 2003 21:22, address@hidden wrote:
> Hi,
>
> I did some thinking (again) on the authentication stuff...and got to a
> conclusion (always nice :) Any remarks/questions/emotions are off course
> welcome.
>
> The situation:
> - Gomd listens on 2 ports. 1 port for SSL connection and 1 port for
> plain/text connections.
>
> - When a client connects on the SSL port, gomd sends a random string (after
> receiving the username) encrypted by a form of the users' password to the
> client. The client will decrypt this string with the user-specified
> password and sends the (unencrypted) string back. When authentication is
> successfull, the newly created gomd thread will run under the UID of the
> just logged on user.
>
> - When a client connects to the plain/text port, gomd will not ask for any
> user/pass, but will instantly create the new thread. This thread will run
> as user nobody.
mmhmm, all gomd's should run as root too my mind
sorry for this security flaw ;)) but it shoudl be able to execute
administrative commands as root.
Maybe we just need to auth just one user for the gomd -> root ..... ?
>
> Some things to notice:
> - Gomd grabs user/pass info internally using PAM. This will add huge
> flexibility imho
> - Hyjacked connections will have rights of user 'nobody' (since SSL
> hyjacking is not done)
;) let us try to hack the gomd, ok ?
We can make a small contest out of it and see where our
most serious problems are ;))
What do you think ? should be funny, eh ?
> - the user's password will _not_ be stored/sent plaintext.
> - authentication will use some kind of private/public keypair encryption.
> how this works exactly we'll have to find out.
> - Command execution can be limited due to rights.
>
> NOTICE: We'll have to think about gomd2gomd and users. But that's for later
> concern and not a great matter since a cluster is already considered
> unsecure imho
yep
>
> cheers,
>
> Roel "roeles" Baardman
>
> P.s. please read this very good to avoid misunderstandings. I'll be on the
> gomd channel to answer all questions. Also, you can mail me at this
> address.
have a good night,
Matt
--
E-mail : address@hidden
www : http://www.openmosixview.com
an openMosix-cluster management GUI
for X in $(seq 1 50); do (cat /dev/zero |netcat localhost 9 &); done