dyer@arktouros.MIT.EDU (Steve Dyer) (10/20/88)
In article <Oct.19.19.20.19.1988.5961@athos.rutgers.edu> hedrick@athos.rutgers.edu (Charles Hedrick) writes:
>Unless they provide some way to lock a given optical disk in the machine
>permanently, we sure can't put a system like that out in public.

This has little to do with NeXT, except insofar as it addresses some of the security issues surrounding the disk which have been brought up here.

At Project Athena here at MIT, the problem of security with publicly accessible workstations was recognized early: namely, that it is impossible to trust an arbitrary machine connected to the network. We don't even try--in fact, the root password is the same for all public workstations and is widely published. The Kerberos authentication system developed as part of Athena provides a mechanism for a user on a workstation to positively identify themselves as legitimate users of the services available on the network in the Athena environment. Kerberos is described in the proceedings of the Winter '88 USENIX conference held in Dallas last February.

In addressing the problem of NFS access and the ability to rewrite /etc/passwd on the local machine/filesystem, thus giving a workstation access to files owned by arbitrary UIDs, we have introduced the concept of "UID maps" on NFS servers which control access based on the IP address and UID fields of the incoming RPC/NFS packet. In the absence of an installed UID map, the credentials of the incoming request are changed to UID "nobody", analogous to the mapping already enforced in NFS for root access. A new rpc.mountd procedure call which uses Kerberos securely installs a new UID map on the NFS server at the user's request. There are no kernel modifications necessary on the client workstation; just the Kerberos software and a new command used with the mount command which installs the UID map for the user. Inside Athena, these are combined into a single program, "attach", but the individual programs can also be used. UID maps are destroyed at logout time.

The changes required to the NFS server are precisely 4 lines of code to the main server dispatch routine, and about 2 pages of code which manage the UID map structures. The NFS server has no knowledge of Kerberos; it merely looks for the presence of an installed UID map. The rpc.mountd program was modified to recognize a new procedure call which installs the UID map using a new system call, after authenticating the request via Kerberos.

Although this scheme was developed for Vaxstations and RT/PC running 4.3BSD, it will work with any system providing NFS which supports application access to the RPC layer. We have it running under A/UX right now, and it should be trivial to add it to the NeXT system, which we will once our machines are delivered. If your machines which provide your NFS service come with kernel source code, you should be able to make the necessary modifications with little effort.

Kerberos is also used for authentication of other services, such as rlogin, rsh, POP, just to name a few. Naturally, changing these to use Kerberos requires source code.

---
Steve Dyer
dyer@arktouros.MIT.EDU
dyer@spdcc.COM aka {harvard,husc6,ima,bbn,m2c,mipseast}!spdcc!dyer
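The UID-map scheme Dyer describes (server-side credential rewriting keyed on the client's IP address and request UID, "nobody" when no map is installed, root squashed as stock NFS already does, installation only after a Kerberos-authenticated mountd call, teardown at logout) is compact enough to model in a few functions. The following is an added illustration written for this thread, not Athena's, 4.3BSD's or NeXT's code: the structure names, the fixed-size table, the `UID_NOBODY` value, and the `kerberos_verified`/`principal_uid` arguments that stand in for a validated Kerberos ticket are all assumptions; the sample addresses and UIDs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define UID_NOBODY 65534u   /* "nobody"; the numeric value is an assumption */
#define MAX_MAPS   64       /* toy fixed-size table (assumption) */

/* One installed UID map: requests from client_ip whose RPC credentials carry
 * req_uid are served as eff_uid, the UID Kerberos vouched for. */
struct uidmap {
    uint32_t client_ip;   /* IPv4 address of the workstation, host order */
    uint32_t req_uid;     /* UID field as it arrives in the RPC/NFS packet */
    uint32_t eff_uid;     /* UID the server actually acts as */
    int      in_use;
};

static struct uidmap maps[MAX_MAPS];

/* Find the map for this (ip, uid) pair, or NULL when none is installed. */
static struct uidmap *find_map(uint32_t ip, uint32_t uid)
{
    for (int i = 0; i < MAX_MAPS; i++)
        if (maps[i].in_use && maps[i].client_ip == ip && maps[i].req_uid == uid)
            return &maps[i];
    return NULL;
}

/* The hook in the server dispatch routine: decide the effective UID of an
 * incoming request.  Root is squashed to nobody as NFS already does; any
 * other UID is honoured only when a map exists for this client and UID, so
 * editing /etc/passwd on an untrusted workstation gains nothing on the server. */
uint32_t nfs_map_cred(uint32_t client_ip, uint32_t req_uid)
{
    if (req_uid == 0)
        return UID_NOBODY;
    const struct uidmap *m = find_map(client_ip, req_uid);
    return m ? m->eff_uid : UID_NOBODY;
}

/* rpc.mountd side.  kerberos_verified stands in for "the ticket in the request
 * was validated and names the principal whose UID is principal_uid" (assumed
 * interface).  Only then is the workstation's (ip, req_uid) bound to that
 * principal; the server never has to know anything about Kerberos itself. */
int mountd_install_map(uint32_t client_ip, uint32_t req_uid,
                       uint32_t principal_uid, int kerberos_verified)
{
    if (!kerberos_verified || req_uid == 0 || principal_uid == 0)
        return -1;                       /* unauthenticated, or an attempt to map root */
    struct uidmap *m = find_map(client_ip, req_uid);
    for (int i = 0; m == NULL && i < MAX_MAPS; i++)
        if (!maps[i].in_use)
            m = &maps[i];
    if (m == NULL)
        return -1;                       /* table full */
    m->client_ip = client_ip;
    m->req_uid   = req_uid;
    m->eff_uid   = principal_uid;
    m->in_use    = 1;
    return 0;
}

/* Logout: remove every map this workstation installed for this UID.
 * Returns the number of maps removed. */
int mountd_destroy_maps(uint32_t client_ip, uint32_t req_uid)
{
    int n = 0;
    for (int i = 0; i < MAX_MAPS; i++)
        if (maps[i].in_use && maps[i].client_ip == client_ip &&
            maps[i].req_uid == req_uid) {
            maps[i].in_use = 0;
            n++;
        }
    return n;
}

int main(void)
{
    /* Constructed sample: workstation 10.0.0.1, local UID 1001. */
    uint32_t ws = 0x0A000001u;
    printf("before attach: uid 1001 -> %u\n", nfs_map_cred(ws, 1001u));
    printf("install without Kerberos: %d\n", mountd_install_map(ws, 1001u, 1001u, 0));
    printf("install with Kerberos:    %d\n", mountd_install_map(ws, 1001u, 1001u, 1));
    printf("after attach:  uid 1001 -> %u\n", nfs_map_cred(ws, 1001u));
    printf("same uid, other host:     %u\n", nfs_map_cred(0x0A000002u, 1001u));
    printf("root:                     %u\n", nfs_map_cred(ws, 0u));
    int removed = mountd_destroy_maps(ws, 1001u);
    printf("logout removed %d map(s); now uid 1001 -> %u\n",
           removed, nfs_map_cred(ws, 1001u));
    return 0;
}
```

Two properties worth noticing: a map installed for one workstation does nothing for the same UID arriving from another address, because the key is the (IP, UID) pair rather than the UID alone; and the server's only decision is "is a map present", which is what lets the NFS side stay ignorant of Kerberos while mountd does the authentication.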
casey@admin.cognet.ucla.edu (Casey Leedom) (10/20/88)
| From: dyer@arktouros.MIT.EDU (Steve Dyer)
|
| | From: hedrick@athos.rutgers.edu (Charles Hedrick)
| |
| | Unless they provide some way to lock a given optical disk in the machine
| | permanently, we sure can't put a system like that out in public.
|
| This has little to do with NeXT, except insofar as it addresses some of
| the security issues surrounding the disk which have been brought up here.
|
| [Standard, but nice outline of what the Project Athena people are doing
| at MIT with regard to transparent global authentication: i.e. Kerberos.]

I had hoped that NeXT would include some of the Project Athena work in their release. Athena seems to be doing some of the best work in transparent networking services, including authentication. [See the Winter 1988 Dallas USENIX Conference proceedings for a very nice outline of the Project Athena work.]

o All of the Athena work has been done with an orientation toward the large campus distributed network model that Jobs himself seems to be aiming at.

o The Athena work is also a real product currently in use and working well at MIT.

The Project Athena work, together with the NeXT machine, could provide the base for the first fully functional implementation of the Mythical CMU SPICE Machine. [And the dynamic IP address assignment concepts that have recently been discussed in comp.protocols.tcp-ip would really round the team out.]

The CMU SPICE Project's goal was to design a machine which would be integrated into the curriculum of every department on campus, not just the Computer Science and Engineering departments. Every student would be required to buy one of the machines, which would be paid off through their four years at the University. At various stages, the SPICE Machine specifications included many of the features provided by NeXT. NeXT could be easily mistaken for a proof of concept SPICE Machine. I would be extremely surprised if Jobs wasn't influenced by some of the SPICE Project ideas.

I would like to take this chance to applaud Steve Jobs and the NeXT development and advisory teams. I think they've come out with the perfect machine for their stated market. I've heard people complain that the music output, sound sampling, etc. facilities are superfluous, or that it's missing color graphics, floppy disk drive, a RISC processor, etc. I think those people have missed the boat completely.

o The machine isn't just for Computer Science and Engineering folk; it's for *everyone* in the university. This includes the Music, Arts, English, History, Linguistics, Biology, Chemistry, etc., etc., etc. departments. And I think that Computer Science and Engineering people may well find that they like being able to do voice annotation of documents and the ability to see and hear what their colleagues are doing in the Arts and Music departments ...

o In order to bring this machine in to its targeted market, it can't cost any more than it does. At $6500, a student can purchase it for $25/($1000 base price)/month at 11% interest, which comes to $162.50/month. Even this is a bit much; I look forward to the price coming down when that 45 chip count lets NeXT do some nice mass production work.

Additionally, I think that NeXT has given the computer industry a much needed kick in the ass. They are the proof of concept that you can offer more for less. That we, as customers, don't have to settle for slow lossy hardware and software. I fully expect to see some dramatic price drops in various manufacturers' equipment ... And this won't only affect the University market, because I also fully expect NeXT to enter the general market after they've had a chance to see how the machine shakes out in the university.

Casey
--------
If I had one wish, it wouldn't be that everyone vote for Dukakis. That would be cheating. Rather, I would wish merely that people examine the issues, the candidates, and their positions, and then make a careful, reasoned choice.
At least then I wouldn't feel like the victim of a mindless stampede, motivated entirely by a false sense of satisfaction ...