
Module 12 – Authentication


kasi


Presentation Transcript


  1. Module 12 – Authentication

  2. Objectives
     • Understand the concept and the kinds of authentication
     • Understand the structures related to authentication
     • Write the UNIX authentication functions and a simple application program
     • Write the DES authentication functions and a simple application program

  3. Authentication
     • An RPC call requires authentication
     • Two elements:
       • Credential: identification information
         ex) a resident registration card (national ID card)
       • Verifier: proof that the credential is valid
         ex) the photo on the resident registration card
     • Four levels or "flavors" of authentication
       • No authentication
       • UNIX authentication
       • DES authentication
         • the most secure form on a PC

  4. Authentication information – client side

     typedef struct {
         AUTH *cl_auth;                        /* authenticator */
         struct clnt_ops {
             enum clnt_stat (*cl_call)();      /* call remote procedure */
             void   (*cl_abort)();             /* abort a call */
             void   (*cl_geterr)();            /* get specific error code */
             bool_t (*cl_freeres)();           /* frees results */
             void   (*cl_destroy)();           /* destroy this structure */
             bool_t (*cl_control)();           /* the ioctl() of rpc */
         } *cl_ops;
         caddr_t cl_private;                   /* private stuff */
         char *cl_netid;                       /* network token */
         char *cl_tp;                          /* device name */
     } CLIENT;

  5. Authentication information – client side

     typedef struct {
         struct opaque_auth ah_cred;           /* client credentials */
         struct opaque_auth ah_verf;           /* associated verification */
         union des_block ah_key;
         struct auth_ops {
             void (*ah_nextverf)();
             int  (*ah_marshal)();             /* nextverf & serialize */
             int  (*ah_validate)();            /* validate verifier */
             int  (*ah_refresh)();             /* refresh credentials */
             void (*ah_destroy)();             /* destroy this structure */
         } *ah_ops;
         caddr_t ah_private;
     } AUTH;

     struct opaque_auth {
         enum_t  oa_flavor;                    /* flavor of authentication */
         caddr_t oa_base;                      /* address of more auth stuff */
         u_int   oa_length;                    /* not to exceed MAX_AUTH_BYTES */
     };

  6. AUTH_NONE
     • authnone_create()

         AUTH *authnone_create();

     • Create the client handle first, then call it:

         CLIENT *clnt_p;
         …
         clnt_p = clnt_create(…);
         clnt_p->cl_auth = authnone_create();

  7. AUTH_UNIX
     • UNIX-style credential, with no or limited verification
     • Client host name, user id, group id, group access list

         CLIENT *clnt;
         clnt->cl_auth = authunix_create_default();   /* cl_auth is already an AUTH *, no cast needed */

     • Requests sent through clnt then carry the following authentication information:

         struct authunix_parms {
             u_long aup_time;        /* credentials creation time */
             char *aup_machname;     /* hostname where client is */
             int aup_uid;            /* client's UNIX effective uid */
             int aup_gid;            /* client's current group id */
             u_int aup_len;          /* element length of aup_gids */
             int *aup_gids;          /* array of groups user is in */
         };
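The slides show the authunix_parms fields but not the bytes that actually travel inside the opaque_auth body, nor why a server must check oa_length before trusting them. The following is an added example, not code from the slides or from the RPC library: it encodes a constructed AUTH_UNIX credential in the XDR layout an RPC message carries (4-byte big-endian integers, the hostname as a length-prefixed string padded to 4 bytes, then uid, gid and the gid array) and parses it back with bounds checks. Struct names follow the slides, the constants (AUTH_UNIX = 1, MAX_AUTH_BYTES = 400, hostname limit 255, at most 16 groups) are the standard RPC values, and the helper and example function names are my own.

```c
/* Added example (not from the slides): marshal an AUTH_UNIX credential the way
 * it is carried inside opaque_auth, and parse it on the server side with the
 * length checks needed before the uid/gid values are used. Sample credential
 * values below are constructed for the example. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AUTH_UNIX        1      /* flavor value of the UNIX credential */
#define MAX_AUTH_BYTES   400    /* limit on opaque_auth.oa_length */
#define MAX_MACHINE_NAME 255
#define NGRPS            16

struct opaque_auth { uint32_t oa_flavor; uint8_t *oa_base; uint32_t oa_length; };

struct authunix_parms {         /* fixed-size version of the slide's struct */
    uint32_t aup_time; char aup_machname[MAX_MACHINE_NAME + 1];
    uint32_t aup_uid, aup_gid, aup_len, aup_gids[NGRPS];
};

/* XDR integers are 4-byte big-endian; opaque data is padded to a 4-byte boundary. */
static void put_u32(uint8_t *p, uint32_t v) { p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = v; }
static uint32_t get_u32(const uint8_t *p) { return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]; }

/* Client side. Returns bytes written, or -1 if the credential would exceed
 * MAX_AUTH_BYTES, the caller's buffer, or the field limits. */
int authunix_marshal(const struct authunix_parms *ap, uint8_t *out, size_t cap)
{
    size_t nlen = strlen(ap->aup_machname), pad = (4 - nlen % 4) % 4;
    size_t need = 4 + 4 + nlen + pad + 4 + 4 + 4 + 4 * (size_t)ap->aup_len;
    uint8_t *p = out;
    if (nlen > MAX_MACHINE_NAME || ap->aup_len > NGRPS) return -1;
    if (need > MAX_AUTH_BYTES || need > cap) return -1;
    put_u32(p, ap->aup_time);            p += 4;
    put_u32(p, (uint32_t)nlen);          p += 4;
    memcpy(p, ap->aup_machname, nlen);   p += nlen;
    memset(p, 0, pad);                   p += pad;
    put_u32(p, ap->aup_uid);             p += 4;
    put_u32(p, ap->aup_gid);             p += 4;
    put_u32(p, ap->aup_len);             p += 4;
    for (uint32_t i = 0; i < ap->aup_len; i++) { put_u32(p, ap->aup_gids[i]); p += 4; }
    return (int)(p - out);
}

/* Server side. Every length is checked against the bytes actually present, so
 * a truncated, oversized or trailing-junk credential is rejected rather than
 * read past the buffer. Returns 0 on success, -1 on malformed input. */
int authunix_unmarshal(const struct opaque_auth *oa, struct authunix_parms *ap)
{
    const uint8_t *p = oa->oa_base, *end = oa->oa_base + oa->oa_length;
    uint32_t nlen; size_t pad;
    if (oa->oa_flavor != AUTH_UNIX || oa->oa_length > MAX_AUTH_BYTES) return -1;
    if ((size_t)(end - p) < 8) return -1;
    ap->aup_time = get_u32(p); p += 4;
    nlen = get_u32(p);         p += 4;
    if (nlen > MAX_MACHINE_NAME) return -1;
    pad = (4 - nlen % 4) % 4;
    if ((size_t)(end - p) < nlen + pad + 12) return -1;   /* name + uid + gid + len */
    memcpy(ap->aup_machname, p, nlen); ap->aup_machname[nlen] = '\0'; p += nlen + pad;
    ap->aup_uid = get_u32(p); p += 4;
    ap->aup_gid = get_u32(p); p += 4;
    ap->aup_len = get_u32(p); p += 4;
    if (ap->aup_len > NGRPS || (size_t)(end - p) != 4 * (size_t)ap->aup_len) return -1;
    for (uint32_t i = 0; i < ap->aup_len; i++) { ap->aup_gids[i] = get_u32(p); p += 4; }
    return 0;
}

/* Round-trip a constructed credential: returns its encoded size (44 bytes)
 * when every field survives the trip, -1 otherwise. */
int example_roundtrip_bytes(void)
{
    struct authunix_parms in = { 1700000000u, "client.example", 1000, 100, 2, { 100, 27 } }, out;
    uint8_t buf[MAX_AUTH_BYTES];
    int n = authunix_marshal(&in, buf, sizeof buf);
    struct opaque_auth cred = { AUTH_UNIX, buf, (uint32_t)n };
    if (n < 0 || authunix_unmarshal(&cred, &out) != 0) return -1;
    if (out.aup_uid != 1000 || out.aup_gid != 100 || out.aup_len != 2 ||
        out.aup_gids[1] != 27 || strcmp(out.aup_machname, "client.example") != 0) return -1;
    return n;
}

/* The same credential with its last group id cut off must be rejected (returns 1). */
int example_truncated_rejected(void)
{
    struct authunix_parms in = { 1700000000u, "client.example", 1000, 100, 2, { 100, 27 } }, out;
    uint8_t buf[MAX_AUTH_BYTES];
    int n = authunix_marshal(&in, buf, sizeof buf);
    struct opaque_auth cred = { AUTH_UNIX, buf, (uint32_t)(n - 4) };
    return authunix_unmarshal(&cred, &out) != 0;
}

int main(void)
{
    printf("round trip: %d bytes\n", example_roundtrip_bytes());
    printf("truncated credential rejected: %d\n", example_truncated_rejected());
    return 0;
}
```

Note what the parser does not do: it cannot verify that the uid, gid or hostname are true, because AUTH_UNIX carries no verifier. That is the "no or limited verification" of the slide, and the reason a server should treat these fields as claims from the client rather than proof of identity.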

  8. AUTH_DES
     • More general, and better security, than UNIX authentication
     • Verification is done with encrypted timestamps
     • The credential is the netname
       • OS name, user id, domain name
     • Requirements
       • the keyserv daemon is needed
       • the user must be assigned a public key by the system administrator
       • the user's secret key is decrypted with the keylogin command
       • the systems need time synchronization
       • encryption keys are kept in the public key database

  9. AUTH_DES function
     • authdes_create()

         AUTH *authdes_create(netname, window, syncaddr, deskeyp)
         char *netname;                  /* netname of the server process owner */
         unsigned window;                /* lifetime of the credential, in seconds */
         struct sockaddr_in *syncaddr;   /* server to synchronize the clock with (NULL: none) */
         des_block *deskeyp;             /* DES conversation key (NULL: generate one) */
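Slides 8 and 9 say that AUTH_DES verifies by encrypted timestamps, that the systems need synchronized clocks, and that authdes_create() takes a window. The added example below, which is not code from the slides or from the RPC library, shows only the acceptance rule a server applies once the timestamp has been decrypted (the DES step itself is assumed to have already happened and is left out): the timestamp must lie within window seconds of the server's clock, and it must be later than the last timestamp accepted from that client, which is what stops a captured credential from being replayed. The struct and function names are my own, and the timestamps are constructed values.

```c
/* Added example (not from the slides): the window and replay check behind an
 * AUTH_DES verifier. The encrypted timestamp is assumed to be decrypted
 * already; only the acceptance decision is modelled here. */
#include <stdint.h>
#include <stdio.h>

struct des_timestamp { uint32_t seconds; uint32_t useconds; };

/* Per-client state kept by the server: the last accepted timestamp. */
struct des_client_state { struct des_timestamp last; int has_last; };

static int ts_later(const struct des_timestamp *a, const struct des_timestamp *b)
{
    return a->seconds > b->seconds ||
           (a->seconds == b->seconds && a->useconds > b->useconds);
}

/* Returns 1 and records the timestamp if it is accepted, 0 if rejected. */
int des_verifier_accept(struct des_client_state *st, const struct des_timestamp *ts,
                        uint32_t window, uint32_t server_now)
{
    /* rule 1: the timestamp must be within `window` seconds of the server clock,
     * in either direction; an unsynchronized client clock fails here */
    uint32_t diff = ts->seconds > server_now ? ts->seconds - server_now
                                             : server_now - ts->seconds;
    if (diff > window) return 0;
    /* rule 2: strictly later than the last accepted timestamp (replay check) */
    if (st->has_last && !ts_later(ts, &st->last)) return 0;
    st->last = *ts;
    st->has_last = 1;
    return 1;
}

/* Five constructed cases against a 60-second window; returns a bitmask of
 * the accept/reject decisions (bit i = case i). Expected value: 17, i.e.
 * only the fresh timestamp and the later in-window one are accepted. */
int example_scenarios(void)
{
    struct des_client_state st = { { 0, 0 }, 0 };
    uint32_t window = 60, now = 1700000000u;
    struct des_timestamp fresh  = { now - 5, 0 };      /* case 0: fresh, accepted */
    struct des_timestamp replay = fresh;               /* case 1: same timestamp again */
    struct des_timestamp stale  = { now - 3600, 0 };   /* case 2: an hour old */
    struct des_timestamp skewed = { now + 600, 0 };    /* case 3: client clock 10 min ahead */
    struct des_timestamp next   = { now + 1, 0 };      /* case 4: later, still in window */
    int r = 0;
    r |= des_verifier_accept(&st, &fresh,  window, now)     << 0;
    r |= des_verifier_accept(&st, &replay, window, now)     << 1;
    r |= des_verifier_accept(&st, &stale,  window, now)     << 2;
    r |= des_verifier_accept(&st, &skewed, window, now)     << 3;
    r |= des_verifier_accept(&st, &next,   window, now + 2) << 4;
    return r;
}

int main(void)
{
    printf("decisions bitmask: %d\n", example_scenarios());
    return 0;
}
```

The skewed case is the one that links to the time-synchronization requirement on slide 8: a client whose clock drifts past the window is rejected even though its credential is genuine, which is why authdes_create() accepts a syncaddr to line the client clock up with the server before the first call.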
