[gomd-devel] Post-beta Authentication roundup

[rbaardman]

Hi,

I did some thinking (again) on the authentication stuff...and got to a 
conclusion (always nice :) Any remarks/questions/emotions are off course 
welcome.

The situation:
- Gomd listens on 2 ports. 1 port for SSL connection and 1 port for 
plain/text connections.

- When a client connects on the SSL port, gomd sends a random string (after 
receiving the username) encrypted by a form of the users' password to the 
client. The client will decrypt this string with the user-specified 
password and sends the (unencrypted) string back. When authentication is 
successfull, the newly created gomd thread will run under the UID of the 
just logged on user.

- When a client connects to the plain/text port, gomd will not ask for any 
user/pass, but will instantly create the new thread. This thread will run 
as user nobody.

Some things to notice:
- Gomd grabs user/pass info internally using PAM. This will add huge 
flexibility imho
- Hyjacked connections will have rights of user 'nobody' (since SSL 
hyjacking is not done)
- the user's password will _not_ be stored/sent plaintext.
- authentication will use some kind of private/public keypair encryption. 
how this works exactly we'll have to find out.
- Command execution can be limited due to rights.

NOTICE: We'll have to think about gomd2gomd and users. But that's for later 
concern and not a great matter since a cluster is already considered 
unsecure imho

cheers,

Roel "roeles" Baardman

P.s. please read this very good to avoid misunderstandings. I'll be on the 
gomd channel to answer all questions. Also, you can mail me at this address.

-- 
_____________________________________________________________________
Snel en voordelig ADSL nu voor iedereen bereikbaar.
Zon Breedband Budget voor EUR 14,95 per maand.
Nu tijdelijk geen aansluitkosten. Bestel snel op zonnet.nl/breedband