Shen: Installation

Installation in a large multiuser configuration.

For a large configuration with several hundred users it is undesirable to have to maintain separate keys for each user. In many cases most of the requests will in any case be for data objects stored on the machine cluster itself.

In such a situation it is useful to assign and register a single authentication key for the entire cluster and for messages to specify the roles a user is authorised to perform within the context of the master authentication key.

It is of course essential to ensure that access to the public key is restricted such that it may only be read by client executables trusted not to divulge it to the user. Disclosure of the key would be equivalent to the disclosure of the root password.

UNIX
An account is created to own the master key. Access to the master key by all other usernames is prevented. Only trusted clients are installed; they are owned by the master key account and have the SETUID bit set.
VMS
Trusted clients are made installed images and granted a rights identifier that permits access to the master key.
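
The UNIX arrangement above can be audited with a short script. This is an added example, not part of the Shen distribution: the account name and file paths are hypothetical arguments, and the refusal of group- or world-writable client binaries is an extra check beyond what the text requires.

```shell
#!/bin/sh
# Audit of the UNIX master-key layout. Account name and paths are
# hypothetical arguments, not values from the Shen distribution.

# matches FILE TEST...: true if FILE itself satisfies the find(1) tests.
matches() {
    _f=$1; shift
    [ -n "$(find "$_f" -prune "$@" 2>/dev/null)" ]
}

# check_master_key OWNER KEYFILE
# The key must be a regular file owned by OWNER with no group/other access.
check_master_key() {
    matches "$2" -type f    || { echo "FAIL $2: not a regular file"; return 1; }
    matches "$2" -user "$1" || { echo "FAIL $2: not owned by $1"; return 1; }
    for _bit in 040 020 010 004 002 001; do
        if matches "$2" -perm "-$_bit"; then
            echo "FAIL $2: accessible to group or other (bit $_bit)"; return 1
        fi
    done
    echo "OK   $2"
}

# check_trusted_client OWNER BINARY
# A trusted client must be owned by OWNER and carry the SETUID bit.
# Refusing group/world-writable binaries is an extra check added here.
check_trusted_client() {
    matches "$2" -type f     || { echo "FAIL $2: not a regular file"; return 1; }
    matches "$2" -user "$1"  || { echo "FAIL $2: not owned by $1"; return 1; }
    matches "$2" -perm -4000 || { echo "FAIL $2: SETUID bit not set"; return 1; }
    for _bit in 020 002; do
        if matches "$2" -perm "-$_bit"; then
            echo "FAIL $2: writable by group or other (bit $_bit)"; return 1
        fi
    done
    echo "OK   $2"
}

# Stand-alone use: audit.sh OWNER KEYFILE CLIENT...
if [ "$#" -ge 3 ]; then
    owner=$1; key=$2; shift 2; rc=0
    check_master_key "$owner" "$key" || rc=1
    for c in "$@"; do check_trusted_client "$owner" "$c" || rc=1; done
    exit "$rc"
fi
```

A symbolic link in place of the key file or a client is reported as a failure, because the type test is applied to the named path itself rather than to its target.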

Standard Authorised Roles.

In the standard configuration a user would be provided with their username as an authorised role plus any roles granted by the operating system (i.e. UNIX groups or VMS rights identifiers).

For true distributed authorisation a user might be granted additional network roles.

Key Generation.

The standard htadm program is used to generate and maintain keys. Use of the new Digest scheme requires passwords to be stored in a different format, incompatible with the UNIX based format used previously. Older password entries may, however, still be read and used for the Basic scheme, and old and new format passwords may be stored in the same file.

Client installation (libwww clients)

The standard client rules file is used to specify sets of URLs for which security enhancements are to be made.

Password pattern filename
Specifies that the given password file is to be used for URLs matching the given pattern.
Challenge pattern scheme
Specifies that requests on URLs matching the given pattern should be authenticated using the specified scheme. The Basic scheme is not a valid scheme for the purposes of this rule.
Respond pattern identifier
Specifies that replies to requests on URLs matching the pattern must provide an authentication according to the key corresponding to the identifier.
Crypt pattern identifier
Specifies that requests for URLs matching the pattern are to be encrypted.

In addition to these site specific configuration options HTML texts may incorporate security directives. The configuration rules file is of principal benefit when securing communication between close parties such as those cooperating on the same project.

Client installation (Mosaic)

The current versions of Mosaic use a divergent and largely superseded variant of CERN libwww. This variant does not incorporate client side rules files, and consequently configuration options are more limited than those possible with libwww browsers.

Server installation.

Server installation is similar to that for previous releases of the CERN httpd. The main difference is that the schemes Digest and PubKey may also be specified in a protection file. Encryption of a returned object is enforced by specifying the dummy method ENCRYPT in the .www_acl file.

Phillip M. Hallam-Baker, CERN ECP PTG hallam@alws.cern.ch
Henrik Frystyk Nielsen, CERN CN, frystryk@ptsun00.cern.ch
Ari Luotonen, CERN ECP (Now at Mosaic Communications Corp)