Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 26 Jun 1998 17:16:40 -0400 (EDT)
From:      Robert Watson <robert@cyrus.watson.org>
To:        freebsd-security@FreeBSD.ORG
Cc:        freebsd-hackers@FreeBSD.ORG
Subject:   Announcement: Experimental Authentication and Authorization Token Management Extensions in the FreeBSD Kernel
Message-ID:  <Pine.BSF.3.96.980626161954.463A-100000@fledge.watson.org>
next in thread | raw e-mail | index | archive | help 

            Experimental Authentication and Authorization
          Token Management Extensions in the FreeBSD Kernel

                            Robert Watson

Abstract

FreeBSD, a derivative of the 4.4BSDlite research operating system
developed at the University of California at Berkeley, is used in a
variety of networked and stand-alone computing environments.  FreeBSD
makes use of a simple yet flexible user-based authorization model
following the UNIX example.  However, this model is not scalable across
large computing infrastructures with multiple administrative domains, and
the model does not interact well with the differing paradigms supported by
a variety of network operating systems.

This document proposes a set of extensions to the FreeBSD kernel providing
both authentication and authorization "tokens", allowing greater
flexibility in supporting a variety of authentication and authorization
models.  Tokens are the kernel's representation of a fragment of data
relating to the capabilities and keying material associated with a set of
processes, or Process Authentication Group (PAG).

A sample implementation of a subset of the described token behavior via a
loadable kernel module available for download, along with a set of
utilities for experimenting with the token behavior.  Expansion on the
implementation to provide additional features and sample uses will be
forthcoming.

URL:     http://www.watson.org/fbsd-hardening/tokens/
Email:   robert+sec.ktokens@cyrus.watson.org

The freebsd-security@freebsd.org mailing list is also an appropriate place
to discuss the issues involved.


  Robert N Watson 

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/
robert@fledge.watson.org              http://www.watson.org/~robert/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980626161954.463A-100000>