Yet Another useful paper

David Wright dww at stl.stc.co.uk
Sat Jan 7 21:48:46 AEST 1989


In article <276 at gloom.UUCP> cory at gloom.UUCP (Cory Kempf) writes:
#In article <13022 at bellcore.bellcore.com> karn at ka9q.bellcore.com (Phil Karn) writes:
#> The answer to that problem is a good
#>authentication scheme that would allow you to give your password only once
#>(when logging in to your "home" computer) which would then enable your
#>system to authenticate you to the other systems you use regularly on the
#>network. 
#
#Let's see if I have this right... you are going to allow the
#workstation that is sitting on my desk to convince another system that
#I am me, right?
#This workstation that will then lie for me if I ask it to? and tell
#your system that I am you?  Or just about anybody else?
#Really?

Yes, of course.   Why not?   Not without some help, and not with current 
standard UNIX and rsh/rlogin/etc. programs, but it is possible.

Part of the help will have to be a trusted authentication server somewhere
on the network.  Now your workstation - which knows your password (you just
typed it in, remember?) - can persuade the authentication server that you are
you.   Root or not, it does not know MY password, so if it tells the server
that you are me, it won't be believed.  (Yes, of course the transaction to
the server is encrypted in case someone is listening on the cable).

The authentication server will then issue a session key to your user agent,
(e.g. a program in your workstation).  If the permissions held by the 
services (or perhaps by the authentication server) allow you to use those 
services, then they will allow YOUR access based on the session key your 
user agent presents to them, which they will validate by asking the 
authentication server.   Again, the session keys have to be transferred 
through an encrypted channel, or else used as a pair like public and 
private keys in a public key system.

You can't use MY session key because it wasn't issued to you.  If perchance
you find it out, it won't help for long as it will become invalid at the end
of MY session, or after a short time period.   It could even be changed every
few minutes, at the expense of a few extra authentication transactions 
going on in the background.

The above is only a simple sketch of what would be a fairly complex system.
But I hope (even if it is incomplete) it shows that it is possible to 
design an environment in which a user logs on once ("to the network") and
then can use services on the network without logging in again to each host
that a wanted service happens to be on, even though the workstation the user
is directly using is insecure.
-- 
Regards,       "Are you sure YOUR password won't appear in RTM's next list?"
        David Wright           STL, London Road, Harlow, Essex  CM17 9NA, UK
dww at stl.stc.co.uk <or> ...uunet!mcvax!ukc!stl!dww <or> PSI%234237100122::DWW
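The sketch in the post above, as an added simulation that is not part of the original message: a trusted authentication server that only accepts the user's own password, a user agent that presents the issued session key, and a service that validates the key by asking the server. The encrypted channel the post requires is assumed rather than modelled, and the user names, passwords and 300-second key lifetime are constructed.

```python
# Constructed illustration of the single-sign-on sketch (hypothetical
# protocol, not a real implementation; the wire channel is assumed encrypted).
import hashlib, hmac, secrets

class AuthServer:
    """Trusted authentication server: holds password hashes, issues
    short-lived session keys, and answers validation queries from services."""
    def __init__(self, users, lifetime):
        self.users = {u: hashlib.sha256(p.encode()).digest() for u, p in users.items()}
        self.sessions = {}            # session key -> (user, expiry time)
        self.lifetime = lifetime      # seconds a key stays valid

    def login(self, user, password, now):
        # Only the user's own password convinces the server; a workstation
        # (root or not) that does not know it is issued nothing.
        stored = self.users.get(user)
        offered = hashlib.sha256(password.encode()).digest()
        if stored is None or not hmac.compare_digest(stored, offered):
            return None
        key = secrets.token_hex(16)
        self.sessions[key] = (user, now + self.lifetime)
        return key

    def validate(self, key, now):
        # Services ask who a key belongs to; expired keys are dropped, so a
        # key that leaks stops working once the short validity period ends.
        user, expiry = self.sessions.get(key, (None, 0))
        if user is None or now >= expiry:
            self.sessions.pop(key, None)
            return None
        return user

class Service:
    """A network host that never sees passwords; it trusts the auth server."""
    def __init__(self, name, auth, allowed_users):
        self.name, self.auth, self.allowed = name, auth, set(allowed_users)

    def request(self, key, now):
        user = self.auth.validate(key, now)
        if user is None:
            return "denied: unknown or expired session key"
        if user not in self.allowed:
            return f"denied: {user} not permitted on {self.name}"
        return f"ok: {user} served by {self.name}"

def demo():
    auth = AuthServer({"alice": "alice-pw", "bob": "bob-pw"}, lifetime=300)
    files = Service("fileserver", auth, allowed_users=["alice"])
    key = auth.login("alice", "alice-pw", now=0)        # password typed once, at home
    return {
        "alice_uses_service": files.request(key, now=10),
        "bob_claims_alice": auth.login("alice", "wrong-guess", now=10),  # no key issued
        "bob_own_key_on_files": files.request(auth.login("bob", "bob-pw", 10), 20),
        "leaked_key_later": files.request(key, now=400),   # past lifetime -> invalid
    }
```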