<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
 <TITLE> Coda Authentication and Protection: Coda Security</TITLE>
 <LINK HREF="sec-2.html" REL=next>

 <LINK HREF="sec.html#toc1" REL=contents>
</HEAD>
<BODY>
<A HREF="sec-2.html">Next</A>
Previous
<A HREF="sec.html#toc1">Contents</A>
<HR>
<H2><A NAME="s1">1. Coda Security</A></H2>

<P>
<P>
<P>In this section we will describe the Coda security mechanisms as they
are currently implemented.  The basic reference for this material is
the paper "Integrating Security in a Large Distributed System",
(M. Satyanarayanan, ACM Transactions on Computer Systems, Vol 7.,
N. 3. August 1989, Pages 247- 280. )  There are a number of areas
where the current system could fairly easily be improved and we will
point out these areas.
<P>Basically the security in Coda falls into two parts:
<OL>
<LI> <B>Authentication and secure connections</B>: Coda's RPC2 package
has a mechanism for securily authenticating clients to servers and
vice versa and setting up encrypted channels between them. A key
element of this scheme is passwords for Coda users.</LI>
<LI> <B>Access control and protection datbases</B>: The files on Coda
servers are protect with directory access control lists. Such lists
grant permissions to users or groups and the structure of these is
stored in a Coda protection database.</LI>
</OL>
<P>The control of access to files and directories is simpler.  Access
control is established only after and authenticated connection has
been established.  It then uses the vice.pcf file in conjunction with
the ACL's to determine permissions.  The file vol.tk is the shared
secret between the volutil clients and the volutil server routines
inside srv.  This token is used to establish and authenticated
connection to the server from a volutil client. 
<P><B>Note:</B> It might make sense to allow a system administrator to get
volutil priviliges through a Coda token.
<P>
<H2><A NAME="ss1.1">1.1 Vice Configuration Files and authentication </A>
</H2>

<P>In terms of configuration files on the server, the authentication
process uses several:
<OL>
<LI> auth2.tk: the shared secret between the file server and the
authentication server. </LI>
<LI> the flag "dreuss " given to initpw is used to encrypt passwords
to prevent accidental disclosure</LI>
<LI> auth2.pwd contains the (uid, encrypted password pairs) using
the "dreuss " key</LI>
<LI> vice.pcf, the binary equivalent of vice.pdb is used to look up
uid's from user names</LI>
</OL>
<P>We will now proceed to describe the two components for security. 
<P>
<HR>
<A HREF="sec-2.html">Next</A>
Previous
<A HREF="sec.html#toc1">Contents</A>
</BODY>
</HTML>