From: Robert Watson
Date: Wed, 15 Jul 1998 19:55:43 -0400 (EDT)
To: freebsd-security@FreeBSD.ORG
cc: freebsd-hackers@FreeBSD.ORG
Subject: Announcement: 0.2 Release: Experimental Authentication and Authorization Token Management Extensions in the FreeBSD Kernel

This is the release announcement for ktokens-0.2, now available for
download from

    http://www.watson.org/fbsd-hardening/tokens/

Announcements of future versions will be made only to the FreeBSD Security
mailing list (freebsd-security@freebsd.org) and not freebsd-hackers. If
there is sufficient interest from parties not subscribed to
freebsd-security, I will set up an announcement mailing list for ktokens.

New Features since 0.1
----------------------

- Mod unload garbage collection now works
- Bug fixes
- Rudimentary TOKEND behavior implemented
- KerberosIV patches to use Tokens/PAGs
- Setuidtoken implemented as sample syscall access control behavior
- More extensive user test utilities
- Makefiles improved -- make install added

(What follows is the same as the 0.1 announcement)

Experimental Authentication and Authorization Token Management Extensions
in the FreeBSD Kernel

Robert Watson

Abstract

FreeBSD, a derivative of the 4.4BSDlite research operating system
developed at the University of California at Berkeley, is used in a
variety of networked and stand-alone computing environments. FreeBSD makes
use of a simple yet flexible user-based authorization model following the
UNIX example. However, this model is not scalable across large computing
infrastructures with multiple administrative domains, and the model does
not interact well with the differing paradigms supported by a variety of
network operating systems.

This document proposes a set of extensions to the FreeBSD kernel providing
both authentication and authorization "tokens", allowing greater
flexibility in supporting a variety of authentication and authorization
models. Tokens are the kernel's representation of a fragment of data
relating to the capabilities and keying material associated with a set of
processes, or Process Authentication Group (PAG).

A sample implementation of a subset of the described token behavior via a
loadable kernel module is available for download, along with a set of
utilities for experimenting with the token behavior. Expansion on the
implementation to provide additional features and sample uses will be
forthcoming.

URL:   http://www.watson.org/fbsd-hardening/tokens/
Email: robert+sec.ktokens@cyrus.watson.org

The freebsd-security@freebsd.org mailing list is also an appropriate place
to discuss the issues involved.

Robert N Watson

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/
robert@fledge.watson.org              http://www.watson.org/~robert/