authentication server for unix

authentication server for unix

[Steve_Kilbane]

> if anyone outside of the us wants des, they can have mine.  mail me.
> 

yes please....

steve

authentication server for unix

[Henner]

> if anyone outside of the us wants des, they can have mine.  mail me.

Hi!

I'm very interested in your code, can you mail it to me? Thank you very much
in advance!

Unfortunately I only have the money for one Plan9 PC, so an old DECstattion has to
play the file and authentication server.

Tschuess,

	Henner

--
===============================================================================
 
Henner Gratz                                 Email:       a82@lrw.uni-bremen.de
Leeuwarder Str. 16A                          Fax (at home): +49-(0)421-58 52 10
D-28259 Bremen                               Tel (at home): +49-(0)421-58 51 84
GERMANY
 
===============================================================================

authentication server for unix

[Boyd]

if anyone outside of the us wants des, they can have mine.  mail me.

authentication server for unix

[presotto]

cool

authentication server for unix

[Pace]

At the suggestion of forsyth@plan9.cs.york.ac.uk, I've separated the
encryption stuff from my IL driver, and put the exportable parts up
for anonymous ftp at

	ftp://ftp.blitz.com/pub/il.tar.gz

Pace Willisson
pace@blitz.com

authentication server for unix

[Pace]

I've got a plan 9 authentication server running on a stock BSDI unix
system.  The basic idea is that I wrote a SOCK_RAW based IL driver,
and then imported the main parts of the plan 9 auth.srv program.  You
probably don't need this unless you have at least 3 computers: a unix
system that you have to keep running even when playing with plan 9,
plus 2 other computers to run a plan 9 file server and a plan 9
terminal.

Here is the README file - follow the instructions if you'd like to 
receive a copy of the whole program.

Pace Willisson
pace@blitz.com



This is a (fairly) quick hack to make a plan 9 authentication server
that can run under unix.  Using it, you can set up a reasonably
complete plan 9 system with 2 dedicated ibm pc's - otherwise, you need
3 - a file server, a cpu/authentication server, and a terminal server.

You can eliminate the need for the plan 9 file server by running u9fs
on a unix machine, but that really slows things down (on my pentium,
sam compiles in 14 seconds with a plan 9 file server, but 44 seconds
using u9fs).

Once you have a plan 9 file server, you really need an authentication
server, otherwise, every time you boot the file server, you have to
catch it in the middle and type "allow" (and thus give up all
permission checking).

In the usual plan 9 systems, the authentication server runs on a cpu
server.  I looked for ways to get it to run on a terminal, but it
didn't seem like that would really work out (mainly due to the fake
nvram handling).  Perhaps Vadim's suggestions for merging the terminal
and cpu server functions could help, but since plan 9 is so new to me,
I can't evaluate them.

Except for running the authentication server, the cpu server is not
needed if your terminal is fast.  So, I adopted the goal of moving the
authentication server to a unix box that is always up.  Then, I can
use 2 ibm pc's to run the plan 9 file server, and a plan 9 terminal,
and that should be a reasonable platform to give plan 9 a fair evaluation.

So, now that I've gotten this program to the point that it works, but
it isn't all that pretty, and I doubt I'll spend much time cleaning it
up.  But, perhaps it will be useful for others on the net.  If you'd
like to help improve it, please get in touch.

If you would like to receive a copy of this program, please send email
to <pace@blitz.com> stating that:

	you are a plan 9 licensee
	you are a United States citizen
	your email is delivered in the United States

I'll send a uuencoded, gzipped tar file by return email.  To international
users, I apologize for the silly US export rules, but I don't know what
else I can do.

Here is some minimal documentation:

The package contains three programs: auth.srv, setkey and netkey.

auth.srv contains an IL protocol driver which communicates with the
world via a SOCK_RAW socket, plus a plan 9 authentication server.  It
listens for requests on IL port 566, and generates responses based on
the key file "/etc/auth.keys".

setkey sets the key for a given account.

netkey is a straightforward port of the program by the same name in plan 9.
It is used for answering telnet challenges.

INSTALLATION:

I did this work on BSDI BSD/386 1.1 and BSD/OS 2.0.1.  It ought to
work on any system with sockets, but it will probably need some minor
tweaking.  Also, it assumes that getpass(3) can return long passwords.
I think that older systems have a limit of 8 bytes, but plan 9 has
requires a minimum of 8 bytes.

The configuration options:

ilgate.c:   LOGFILE
auth.h:     KEYFILE and NEW_KEYFILE
Makefile:   installation directory

Type "make" then "make install" as root.  Since the program must use
a raw socket, it has to be run as root.  A useful improvement would be
to have the program relinquish its root privileges after it has its
files opened.

Run "setkey" as root to create a key for yourself, and for the
"authid" mentioned in section 4 of the paper "Installing the Plan 9
Distribution".

For the first try, run "auth.srv -d".  Then, on plan 9, edit
/lib/ndb/local and set "auth=XXX" to point at your unix machine.  Do
something that needs authentication (e.g. boot the terminal and login
with a name other than none), and see if it works.

Eventually, you'll want to put "auth.srv -b" in /etc/rc.  "-b" means
background, and causes logfile output to go to /var/log/auth.srv.

authentication server for unix

[Pace]

I've got a plan 9 authentication server running on a stock BSDI unix
system.  The basic idea is that I wrote a SOCK_RAW based IL driver,
and then imported the main parts of the plan 9 auth.srv program.  You
probably don't need this unless you have at least 3 computers: a unix
system that you have to keep running even when playing with plan 9,
plus 2 other computers to run a plan 9 file server and a plan 9
terminal.

Here is the README file - follow the instructions if you'd like to 
receive a copy of the whole program.

Pace Willisson
pace@blitz.com



This is a (fairly) quick hack to make a plan 9 authentication server
that can run under unix.  Using it, you can set up a reasonably
complete plan 9 system with 2 dedicated ibm pc's - otherwise, you need
3 - a file server, a cpu/authentication server, and a terminal server.

You can eliminate the need for the plan 9 file server by running u9fs
on a unix machine, but that really slows things down (on my pentium,
sam compiles in 14 seconds with a plan 9 file server, but 44 seconds
using u9fs).

Once you have a plan 9 file server, you really need an authentication
server, otherwise, every time you boot the file server, you have to
catch it in the middle and type "allow" (and thus give up all
permission checking).

In the usual plan 9 systems, the authentication server runs on a cpu
server.  I looked for ways to get it to run on a terminal, but it
didn't seem like that would really work out (mainly due to the fake
nvram handling).  Perhaps Vadim's suggestions for merging the terminal
and cpu server functions could help, but since plan 9 is so new to me,
I can't evaluate them.

Except for running the authentication server, the cpu server is not
needed if your terminal is fast.  So, I adopted the goal of moving the
authentication server to a unix box that is always up.  Then, I can
use 2 ibm pc's to run the plan 9 file server, and a plan 9 terminal,
and that should be a reasonable platform to give plan 9 a fair evaluation.

So, now that I've gotten this program to the point that it works, but
it isn't all that pretty, and I doubt I'll spend much time cleaning it
up.  But, perhaps it will be useful for others on the net.  If you'd
like to help improve it, please get in touch.

If you would like to receive a copy of this program, please send email
to <pace@blitz.com> stating that:

	you are a plan 9 licensee
	you are a United States citizen
	your email is delivered in the United States

I'll send a uuencoded, gzipped tar file by return email.  To international
users, I apologize for the silly US export rules, but I don't know what
else I can do.

Here is some minimal documentation:

The package contains three programs: auth.srv, setkey and netkey.

auth.srv contains an IL protocol driver which communicates with the
world via a SOCK_RAW socket, plus a plan 9 authentication server.  It
listens for requests on IL port 566, and generates responses based on
the key file "/etc/auth.keys".

setkey sets the key for a given account.

netkey is a straightforward port of the program by the same name in plan 9.
It is used for answering telnet challenges.

INSTALLATION:

I did this work on BSDI BSD/386 1.1 and BSD/OS 2.0.1.  It ought to
work on any system with sockets, but it will probably need some minor
tweaking.  Also, it assumes that getpass(3) can return long passwords.
I think that older systems have a limit of 8 bytes, but plan 9 has
requires a minimum of 8 bytes.

The configuration options:

ilgate.c:   LOGFILE
auth.h:     KEYFILE and NEW_KEYFILE
Makefile:   installation directory

Type "make" then "make install" as root.  Since the program must use
a raw socket, it has to be run as root.  A useful improvement would be
to have the program relinquish its root privileges after it has its
files opened.

Run "setkey" as root to create a key for yourself, and for the
"authid" mentioned in section 4 of the paper "Installing the Plan 9
Distribution".

For the first try, run "auth.srv -d".  Then, on plan 9, edit
/lib/ndb/local and set "auth=XXX" to point at your unix machine.  Do
something that needs authentication (e.g. boot the terminal and login
with a name other than none), and see if it works.

Eventually, you'll want to put "auth.srv -b" in /etc/rc.  "-b" means
background, and causes logfile output to go to /var/log/auth.srv.