Re: security and multi-user

From: "Shawn T. Amundson" <amundson gimp org>
To: Miguel de Icaza <miguel nuclecu unam mx>
cc: gnome-components-list gnome org
Subject: Re: security and multi-user
Date: Tue, 17 Mar 1998 06:58:03 -0800 (PST)

On Tue, 17 Mar 1998, Miguel de Icaza wrote:

> 
> 
> > My first thoughts are that if I use unshared objects that I can
> > use some username/password simple auth and check that auth has
> > been done to the top of every function.
> [...]
> > the implementation would be something like:
> > 
> > char* AddressBook::search (const char *regex) {
> >   if (!auth_ok())
> 
> You would only need to do authentication at object creation time.

Well, that makes sense of course.  But only if you can get all
the info (which requires at least a couple round trips or so)
and still after that deny creation of the object.

> Now, what I think we should do is write a nice set of wrappers that
> would hide all of the authentication complexity behind our nice api.

This would seem to be the single most important GNOME project, as
no real useful CORBA stuff can be written without some security model.
;-)

> I am thinking right now that we could have an agent, pretty much like
> the ssh-agent, to which you authenticate initially.  Once you have
> authenticated to this "security" agent, you use the IOR of this agent
> to get new references to objects.  The agent would do all of the
> authentication and access granting for you and finally return you an
> object reference to an initialized widget.

This would be a kick ass model, but I'm not sure how practical this is
being it doesn't exist and is not trivial to code like my example. 

We need to recruit one of these ssh gurus for GNOME.  

> 
> > crypt methods could be somewhat pluggable so they can range from
> > plaintext to whatever works.
> 
> Use PAM, default to crypt on systems without it.

Hrm?  I'm not familiar with PAM enough to know how it would be useful
in this context...  It isn't really useful to use auth info in the
passwd file as you may want remote users that don't have a system
account. (In the case of a request system for example...)

Well, the system call crypt() is obviously useless for this type of
stuff... When I write cryptit() and uncrypt() I mean DES/Idea or some
other key exchange system.

--
Shawn T. Amundson               
amundson@gimp.org               http://www.gimp.org/~amundson

"The assumption that the universe looks the same in every
 direction is clearly not true in reality." - Stephen Hawking

Follow-Ups:
- Re: security and multi-user
  - From: Elliot Lee
- Re: security and multi-user
  - From: Miguel de Icaza

References:
- Re: security and multi-user
  - From: Miguel de Icaza

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]