Coda File System

Next Previous Contents

1. Coda Security

In this section we will describe the Coda security mechanisms as they are currently implemented. The basic reference for this material is the paper "Integrating Security in a Large Distributed System", (M. Satyanarayanan, ACM Transactions on Computer Systems, Vol 7., N. 3. August 1989, Pages 247- 280. ) There are a number of areas where the current system could fairly easily be improved and we will point out these areas.

Basically the security in Coda falls into two parts:

  1. Authentication and secure connections : Coda's RPC2 package has a mechanism for securily authenticating clients to servers and vice versa and setting up encrypted channels between them. A key element of this scheme is passwords for Coda users.
  2. Access control and protection datbases : The files on Coda servers are protect with directory access control lists. Such lists grant permissions to users or groups and the structure of these is stored in a Coda protection database.

The control of access to files and directories is simpler. Access control is established only after and authenticated connection has been established. It then uses the vice.pcf file in conjunction with the ACL's to determine permissions. The file is the shared secret between the volutil clients and the volutil server routines inside srv. This token is used to establish and authenticated connection to the server from a volutil client.

Note: It might make sense to allow a system administrator to get volutil priviliges through a Coda token.

1.1 Vice Configuration Files and authentication

In terms of configuration files on the server, the authentication process uses several:

  1. the shared secret between the file server and the authentication server.
  2. the flag "dreuss " given to initpw is used to encrypt passwords to prevent accidental disclosure
  3. auth2.pwd contains the (uid, encrypted password pairs) using the "dreuss " key
  4. vice.pcf, the binary equivalent of vice.pdb is used to look up uid's from user names

We will now proceed to describe the two components for security.

Next Previous Contents