Coda File System

Next Previous Contents

2. Authentication and secure connections.

The system of authentication and encryption of data going between clients and servers is very close to that employed by Kerberos 5, see ???.

The key ingredients in the mechanisms are as follows:

Let us look at the details.

2.1 Encryption

The files rpc2.h and secure.c in the RPC2 package contain the cryptographic routines. For export reasons only RPC2_XOR is in use, but it would be easy to use DES too.

A bit of cleanup seems to be needed, also in the random number routines.

2.2 Secure and authenticated connections

RPC2 allows to bind to a server (i.e. set up a connection) in 4 ways:


neither authenticated nor encrypted


authenticated but not encrypted


authenticated and headers of RPC packets are encrypted


authenticated and RPC packets are encrypted.

The security implications for the different types of connections are discussed in Satya's paper, as well as the algorithm employed in the bind routine (RPC2_NewBinding, rpc2a.c).

Of interest here is that the encryption type is given to the bind routine as a variable. A small amount of cleanup in secure.c should help to make DES encryption an easy switch. It would be interesting to measure the effect of encryption on performance.

2.3 Authentication tokens

In the preceeding two subsections we did not explain how a shared secret between the server and client can be established. The following three methods of acquiring such a secret are in place:

  1. upon authentication the auth server and the client can share the password of the user to establish a secure connection
  2. in the final stages of authentication the auth server can send the client a session key, which it also shares with the server
  3. venus and the server use the session key from the authentication protocol to establish a secure connection

Let us go into detail for case 1. Coda employs the clog program to get a session key. clog looks up the username in /etc/passwd and tries a secure binding with the auth server using the username as ClientIdent and the password, which it got from the user, as the Secret. It then executes a standard bind request to the auth server.

The auth server receives this request (using RPC2_GetRequest in which points to the routine PWGetKeys as a means to acquire the shared secret for the bind routine.

PWGetKeys is the heart of password authentication. The viceid for the user is looked up (see the documentation regarding the protection database) and password file is opened to find her password. The password can be decrypted with the FileKey ("dreuss "). At this moment PWGetKeys returns and the client and server share a secret. (XXX: the routines copying passwords copy buffers of a fixed length and might not deal with passwords which are too short gracefully).

It tries a host listed as an argument to clog to find an auth server or cycles through the hosts in vstab. If the binding is successful this is taken as a guarantee that the password was correct, and clog proceeds by placing the AuthGetTokens rpc. The server

The next rpc which clog makes invokes AuthGetTokens which sets the last used time one the ui component of the clientident and returns two tokens to the client:

Of course this information is returned over the connection secured by the users password.

We now enter the last stage of clog: it must tell Venus what about the two keys it acquired for the user. This is the routine U_SetLocalTokens, This routine passes the two tokens to Venus through a pioctl. (similar routines get the tokens or remove the tokens).

2.4 Bugs to fix and things to improve

Next Previous Contents