Date: Fri, 26 Jun 1998 17:16:40 -0400 (EDT)
From: Robert Watson <robert@cyrus.watson.org.>
To: [email protected]
Subject: Announcement: Experimental Authentication and Authorization Token Management Extensions in the FreeBSD Kernel
Cc: [email protected]
Experimental Authentication and Authorization
Token Management Extensions in the FreeBSD Kernel
Robert Watson
Abstract
FreeBSD, a derivative of the 4.4BSDlite research operating system
developed at the University of California at Berkeley, is used in a
variety of networked and stand-alone computing environments. FreeBSD
makes use of a simple yet flexible user-based authorization model
following the UNIX example. However, this model is not scalable across
large computing infrastructures with multiple administrative domains, and
the model does not interact well with the differing paradigms supported by
a variety of network operating systems.
This document proposes a set of extensions to the FreeBSD kernel providing
both authentication and authorization "tokens", allowing greater
flexibility in supporting a variety of authentication and authorization
models. Tokens are the kernel's representation of a fragment of data
relating to the capabilities and keying material associated with a set of
processes, or Process Authentication Group (PAG).
A sample implementation of a subset of the described token behavior via a
loadable kernel module is available for download, along with a set of
utilities for experimenting with the token behavior. Expansion on the
implementation to provide additional features and sample uses will be
forthcoming.
URL: http://www.watson.org/fbsd-hardening/tokens/
Email: [email protected]
The [email protected] mailing list is also an appropriate place
to discuss the issues involved.
Robert N Watson
Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc. http://www.tis.com/
SafePort Network Services http://www.safeport.com/
[email protected] http://www.watson.org/~robert/