authsrv 10 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414
  1. .TH AUTHSRV 6
  2. .SH NAME
  3. ticket \- authentication service
  4. .SH DESCRIPTION
  5. This manual page describes
  6. the protocols used to authorize connections, confirm the identities
  7. of users and machines, and maintain the associated databases.
  8. The machine that provides these services is called the
  9. .I authentication server
  10. (AS).
  11. The AS may be a stand-alone machine or a general-use machine such as a CPU server.
  12. The network database
  13. .IR ndb (6)
  14. holds for each public machine, such as a CPU server or
  15. file server, the name of the authentication server that machine uses.
  16. .PP
  17. Each machine contains three values important to authentication; a 56-bit DES
  18. key, a 28-byte authentication ID, and a 48-byte authentication domain name.
  19. The ID is a user name and identifies who is currently responsible for the
  20. kernel running on that machine.
  21. The domain name identifies the machines across which the ID is valid.
  22. Together, the ID and domain name identify the owner of a key.
  23. .PP
  24. When a terminal boots, the user is prompted for user name and password.
  25. The user name becomes the terminal's authentication ID.
  26. The password is converted using
  27. .I passtokey
  28. (see
  29. .IR auth (2))
  30. into a 56-bit DES key and saved as the machine's key.
  31. The authentication domain is set to the null string.
  32. If possible, the terminal validates the key with the AS
  33. before saving it.
  34. For Internet machines the correct AS to ask is found using
  35. .IR dhcpd (8).
  36. .PP
  37. When a CPU or file server boots, it reads the key, ID, and domain name from
  38. non-volatile RAM.
  39. This allows servers to reboot without operator intervention.
  40. .PP
  41. The details of any authentication are mixed with the semantics
  42. of the particular service they are authenticating so we describe
  43. them one case at a time. The following definitions will be used
  44. in the descriptions:
  45. .TF nullx
  46. .TP
  47. .I \fICHc\fP
  48. an 8-byte random challenge from a client
  49. .TP
  50. .I CHs
  51. an 8-byte random challenge from a server
  52. .TP
  53. .I \fIKs\fP
  54. server's key
  55. .TP
  56. .I \fIKc\fP
  57. client's key
  58. .TP
  59. .I \fIKn\fP
  60. a nonce key created for a ticket
  61. .TP
  62. .I K\fP\fIm\fP
  63. message m
  64. encrypted with key K
  65. .TP
  66. .I \fIIDs\fP
  67. server's ID
  68. .TP
  69. .I \fIDNs\fP
  70. server's authentication domain name
  71. .TP
  72. .I \fIIDc\fP
  73. client's ID
  74. .TP
  75. .I \fIUIDc\fP
  76. user's name on the client
  77. .TP
  78. .I \fIUIDs\fP
  79. user's name on the server
  80. .PD
  81. .PP
  82. A number of constants defined in
  83. .B auth.h
  84. are also used:
  85. .IR AuthTreq,
  86. .IR AuthChal,
  87. .IR AuthOK,
  88. .IR AuthErr,
  89. .IR AuthTs,
  90. .IR AuthTc,
  91. .IR AuthAs,
  92. and
  93. .IR AuthAc .
  94. .SS "File Service"
  95. File service sessions are long-lived connections between a client host
  96. and a file server.
  97. Processes belonging to different users share the session.
  98. Whenever a user process on the client
  99. .I mounts
  100. a file server
  101. (see
  102. .IR bind (2)),
  103. it must authenticate itself.
  104. There are four players in an authentication: the server, the client kernel,
  105. the user process on the client, and the authentication server.
  106. The goal of the authentication protocol is to convince the server
  107. that the client may validly speak for the user process.
  108. .PP
  109. To reduce the number of messages for each authentication,
  110. common information is exchanged once at the
  111. beginning of the session within a
  112. .I session
  113. message
  114. (see
  115. .IR attach (5)):
  116. .TF "Client->Server"
  117. .TP
  118. .IR Client -> Server
  119. Tsession( \fICHc\fP )
  120. .TP
  121. .IR Server -> Client
  122. Rsession( \fICHs\fP, \fIIDs\fP, \fIDNs\fP )
  123. .PD
  124. .PP
  125. Each time a user mounts a file server connection, an attach
  126. message is sent identifying/authenticating the user:
  127. .TF "Client->Server"
  128. .TP
  129. .IR Client -> Server
  130. Tattach( \fIKs\fP{ \fIAuthTs\fP, \fICHs\fP, \fIUIDc\fP, \fIUIDs\fP, \fIKn\fP }, \fIKn\fP{ \fIAuthAc\fP, \fICHs\fP, \fIcount\fP } )
  131. .TP
  132. .IR Server -> Client
  133. Rattach( \fIKn\fP{ AuthAs, \fICHc\fP, \fIcount\fP } )
  134. .PD
  135. .PP
  136. The part of the attach request encrypted with
  137. .BR \fIKs\fP
  138. is called a
  139. .IR ticket .
  140. Since it is encrypted in the server's secret key, this message is guaranteed
  141. to have originated on the AS.
  142. The part encrypted with the
  143. .B \fIKn\fP
  144. found in the ticket is called an
  145. .IR authenticator .
  146. The authenticator is generated by the client kernel and guarantees that
  147. the ticket was not stolen.
  148. The
  149. .I count
  150. is incremented with each mount to make every authenticator unique,
  151. thus foiling replay attacks.
  152. The server is itself authenticated by the authenticator
  153. it sends as a reply to the attach.
  154. .PP
  155. Tickets are created by the AS at the request of a user process.
  156. The AS contains a database of which \fIIDc\fP's may speak for which \fIUIDc\fP's.
  157. If the \fIIDc\fP may speak for the \fIUIDc\fP, two tickets are returned.
  158. .TF "UserProc->AS"
  159. .TP
  160. .IR UserProc -> AS
  161. \fIAuthTreq\fP, \fICHs\fP, \fIIDs\fP, \fIDNs\fP, \fIIDc\fP, \fIUIDc\fP
  162. .TP
  163. .IR AS -> UserProc
  164. \fIAuthOK\fP, \fIKc\fP{ \fIAuthTc\fP, \fICHs\fP, \fIUIDc\fP, \fIUIDs\fP, \fIKn\fP }, \fIKs\fP{ \fIAuthTs\fP, \fICHs\fP, \fIUIDc\fP, \fIUIDs\fP, \fIKn\fP }
  165. .PD
  166. .PP
  167. Otherwise an error message is returned.
  168. .TF "UserProc->AS"
  169. .TP
  170. .IR AS -> UserProc
  171. \fIAuthErr\fP, 64-byte error string
  172. .PD
  173. .PP
  174. The user passes both tickets to the client's kernel using
  175. the
  176. .I fauth
  177. system call
  178. (see
  179. .IR fauth (2)).
  180. The kernel decrypts the ticket encrypted with \fIKc\fP.
  181. If \fIUIDc\fP
  182. matches the user's login ID, the tickets are remembered for
  183. any subsequent attaches by that user of that file server session.
  184. Otherwise, the ticket is assumed stolen and an error is returned.
  185. .SS "Remote Execution"
  186. .PP
  187. A number of applications require a process on one machine to start
  188. a process with the same user ID on a server machine.
  189. Examples are
  190. .IR cpu (1),
  191. .I rx
  192. (see
  193. .IR con (1)),
  194. and
  195. .IR exportfs (4).
  196. The called process replies to the connection with a ticket request.
  197. .TF "Server->UserProc"
  198. .TP
  199. .IR Server -> UserProc
  200. \fIAuthTreq\fP, \fICHs\fP, \fIIDs\fP, \fIDNs\fP, xxx, xxx
  201. .PD
  202. .PP
  203. Here
  204. .I xxx
  205. indicates a field whose contents do not matter.
  206. .PP
  207. The calling process adds its machine's \fIIDc\fP and its \fIUIDc\fP to the request
  208. and follows the protocol outlined above to get two tickets from the AS.
  209. The process passes the
  210. \fIKs\fP
  211. encrypted ticket plus an authenticator generated by
  212. .B /dev/authenticator
  213. from the
  214. \fIKc\fP
  215. ticket to the remote server, which writes them to the
  216. kernel to set the user ID (see
  217. .IR cons (3)).
  218. The server replies with its own authenticator which can be written
  219. to the kernel along with the
  220. \fIKc\fP
  221. encrypted ticket to confirm the server's identity (see
  222. .IR cons (3)).
  223. .TF "UserProc->Server"
  224. .TP
  225. .IR UserProc -> Server
  226. \fIKs\fP{ \fIAuthTs\fP, \fICHs\fP, \fIUIDc\fP, \fIUIDs\fP, \fIKn\fP }, \fIKn\fP{ \fIAuthAc\fP, \fICHs\fP, 0 }
  227. .TP
  228. .IR Server -> UserProc
  229. \fIKn\fP{ \fIAuthAs\fP, \fICHs\fP, 0 }
  230. .PD
  231. .SS "Challenge Box"
  232. A user may also start a process on a CPU server from a non Plan 9
  233. machine using commands such as
  234. .IR con,
  235. .IR telnet,
  236. or
  237. .I ftp
  238. (see
  239. .IR con (1)
  240. and
  241. .IR ftpfs (4)).
  242. In these situations, the user can authenticate using a hand-held
  243. DES encryptor.
  244. The telnet or FTP daemon first sends a ticket request to the
  245. authentication server.
  246. If the AS has keys for both the \fIIDc\fP and \fIUIDc\fP in the ticket
  247. request it returns a challenge as a hexadecimal number.
  248. .TF "Daemon->AS"
  249. .TP
  250. .IR Daemon -> AS
  251. \fIAuthChal\fP, \fICHc\fP, \fIIDc\fP, \fIDNs\fP, \fIIDc\fP, \fIUIDc\fP
  252. .TP
  253. .IR AS -> Daemon
  254. \fIAuthOK\fP, 16-byte
  255. .SM ASCII
  256. challenge
  257. .PD
  258. .PP
  259. Otherwise, it returns a null-terminated 64-byte error string.
  260. .TF "Daemon->AS"
  261. .TP
  262. .IR AS -> Daemon
  263. \fIAuthErr\fP, 64-byte error string
  264. .PD
  265. .PP
  266. The daemon relays the challenge to the calling program,
  267. which displays the challenge on the user's screen.
  268. The user encrypts it and types in the
  269. result, which is relayed back to the AS.
  270. The AS checks it against the expected response and returns
  271. either a ticket or an error.
  272. .TF "Daemon->AS"
  273. .TP
  274. .IR Daemon -> AS
  275. 16-byte
  276. .SM ASCII
  277. response
  278. .TP
  279. .IR AS -> Daemon
  280. \fIAuthOK\fP, \fIKc\fP{ \fIAuthTs\fP, \fICHc\fP, \fIUIDc\fP, \fIUIDc\fP, \fIKn\fP }
  281. .PD
  282. .PP
  283. or
  284. .TF "Daemon->AS"
  285. .TP
  286. .IR AS -> Daemon
  287. \fIAuthErr\fP, 64-byte error string
  288. .PD
  289. .PP
  290. Finally, the daemon passes the ticket to the kernel
  291. to set the user ID (see
  292. .IR cons (3)).
  293. .SS "Password Change"
  294. Any user can change the key stored for him or her on the AS.
  295. Once again we start by passing a ticket request to the AS.
  296. Only the user ID in the request is meaningful.
  297. The AS replies with a single ticket (or an error message)
  298. encrypted in the user's personal key.
  299. The user encrypts both the old and new keys with the
  300. \fIKn\fP from the returned ticket and sends that back to the AS.
  301. The AS checks the reply for validity and replies with an
  302. \fIAuthOK\fP byte or an error message.
  303. .TF "UserProc->AS"
  304. .TP
  305. .IR UserProc -> AS
  306. \fIAuthPass\fP, xxx, xxx, xxx, xxx, \fIUIDc\fP
  307. .TP
  308. .IR AS -> UserProc
  309. \fIAuthOK\fP, \fIKc\fP{ \fIAuthTp\fR, xxx, xxx, xxx, \fIKn\fP }
  310. .TP
  311. .IR UserProc -> AS
  312. \fIKn\fP{ \fIAuthPass\fP, "old password", "new password" }
  313. .TP
  314. .IR AS -> UserProc
  315. \fIAuthOK\fP
  316. .PD
  317. .PP
  318. or
  319. .TF "UserProc->AS"
  320. .TP
  321. .IR AS -> UserProc
  322. \fIAuthErr\fP, 64-byte error string
  323. .PD
  324. .PP
  325. .SS "Data Base"
  326. An
  327. .IR ndb (2)
  328. database file exists for the authentication server.
  329. This database maintains ``speaks for'' relationships, i.e.,
  330. it lists which users may speak for other users when
  331. authtenticating.
  332. The attribute types used by the AS are
  333. .B hostid
  334. and
  335. .BR uid .
  336. The value in the
  337. .B hostid
  338. is a client host's ID.
  339. The values in the
  340. .B uid
  341. pairs in the same entry list which users that host ID
  342. make speak for.
  343. A uid value of
  344. .B *
  345. means the host ID may speak for all users.
  346. A uid value of
  347. .BI ! user
  348. means the host ID may not speak for
  349. .IR user .
  350. For example:
  351. .PP
  352. .EX
  353. hostid=bootes
  354. uid=!sys uid=!adm uid=*
  355. .EE
  356. .PP
  357. is interpreted as
  358. .B bootes
  359. may speak for any user except
  360. .B sys
  361. and
  362. .BR adm .
  363. This property is used heavily on cpu servers.
  364. .PP
  365. The
  366. .I ndb
  367. database is also used when talking to Lucent Radius
  368. servers to check SecureID authentications. The database
  369. file provides the Radius server's secret key and
  370. to mappings from local uid's to those known by the server.
  371. The attribute type
  372. .B radius
  373. identifies the Radius server.
  374. The attribute
  375. .B secret
  376. provides the hash key used in talking to the
  377. server.
  378. The attributes
  379. .B uid
  380. and
  381. .B rid
  382. profile the local and remote user id's when verifying
  383. a SecureID login.
  384. For example:
  385. .PP
  386. .EX
  387. radius=lra-radius secret=xyzzy
  388. uid=bob rid=roberttheworkstation
  389. .EE
  390. .PP
  391. says that when verifying SecureID's on server
  392. .BR lra-radius ,
  393. use the hash key
  394. .BR xyzzy .
  395. Local user
  396. .B bob
  397. is known as
  398. .B roberttheworkstation
  399. on the radius server.
  400. .SH FILES
  401. .TF /lib/ndb/auth.*xxx
  402. .TP
  403. .B /lib/ndb/auth
  404. database file
  405. .TP
  406. .B /lib/ndb/auth.*
  407. hash files for
  408. .B /lib/ndb/auth
  409. .SH SEE ALSO
  410. .IR auth (2),
  411. .IR fauth (2),
  412. .IR cons (3),
  413. .IR attach (5),
  414. .IR auth (8)