Date:      Wed, 15 Jul 1998 19:55:43 -0400 (EDT)
From:      Robert Watson <robert@cyrus.watson.org>
To:        freebsd-security@FreeBSD.ORG
Cc:        freebsd-hackers@FreeBSD.ORG
Subject:   Announcement: 0.2 Release: Experimental Authentication and Authorization Token Management Extensions in the FreeBSD Kernel
Message-ID:  <Pine.BSF.3.96.980715193929.16958A-100000@fledge.watson.org>

This is the release announcement for ktokens-0.2, now available for
download from http://www.watson.org/fbsd-hardening/tokens/

Announcements of future versions will be made only to the FreeBSD Security
mailing list (freebsd-security@freebsd.org) and not freebsd-hackers.  If
there is sufficient interest from parties not subscribed to
freebsd-security, I will set up an announcement mailing list for ktokens.

New Features since 0.1
----------------------

 - Mod unload garbage collection now works
 - Bug fixes
 - Rudimentary TOKEND behavior implemented
 - KerberosIV patches to use Tokens/PAGs
 - Setuidtoken implemented as sample syscall access control behavior
 - More extensive user test utilities
 - Makefiles improved -- make install added

(What follows is the same as the 0.1 announcement)

            Experimental Authentication and Authorization
          Token Management Extensions in the FreeBSD Kernel

                            Robert Watson

Abstract

FreeBSD, a derivative of the 4.4BSDlite research operating system
developed at the University of California at Berkeley, is used in a
variety of networked and stand-alone computing environments.  FreeBSD
makes use of a simple yet flexible user-based authorization model
following the UNIX example.  However, this model is not scalable across
large computing infrastructures with multiple administrative domains, and
the model does not interact well with the differing paradigms supported by
a variety of network operating systems.

This document proposes a set of extensions to the FreeBSD kernel providing
both authentication and authorization "tokens", allowing greater
flexibility in supporting a variety of authentication and authorization
models.  Tokens are the kernel's representation of a fragment of data
relating to the capabilities and keying material associated with a set of
processes, or Process Authentication Group (PAG).

A sample implementation of a subset of the described token behavior via a
loadable kernel module is available for download, along with a set of
utilities for experimenting with the token behavior.  Expansion on the
implementation to provide additional features and sample uses will be
forthcoming.

URL:     http://www.watson.org/fbsd-hardening/tokens/
Email:   robert+sec.ktokens@cyrus.watson.org

The freebsd-security@freebsd.org mailing list is also an appropriate place
to discuss the issues involved.


  Robert N Watson 

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/
robert@fledge.watson.org              http://www.watson.org/~robert/


