svn commit: lorikeet r254 - in trunk/white-papers: .

abartlet at samba.org abartlet at samba.org
Thu Apr 14 01:07:00 GMT 2005


Author: abartlet
Date: 2005-04-14 01:07:00 +0000 (Thu, 14 Apr 2005)
New Revision: 254

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=254

Log:
Add future requirements, references

Andrew Bartlett

Modified:
   trunk/white-papers/gensec-white-paper.lyx


Changeset:
Modified: trunk/white-papers/gensec-white-paper.lyx
===================================================================
--- trunk/white-papers/gensec-white-paper.lyx	2005-04-13 22:56:53 UTC (rev 253)
+++ trunk/white-papers/gensec-white-paper.lyx	2005-04-14 01:07:00 UTC (rev 254)
@@ -56,6 +56,12 @@
  
 \layout Standard
 
+The series of subsystems presented in this paper are the culmination of
+ four years of thought and development, since the first `Authentication
+ rewrite' work on the then Samba HEAD development branch back in 2001.
+ 
+\layout Standard
+
 Because Samba4 took the challenge to match Microsoft's latest releases exactly,
  the issues surrounding Active Directory, and modern security technologies
  quickly came to the fore.
@@ -275,8 +281,12 @@
 \layout Standard
 
 On the Microsoft side of the fence, it is well known that Microsoft uses
- a subsystem called SSPI (Security Support Porvider Interface) to handle
- almost all their network authentication and encryption interactions.
+ a subsystem called SSPI (Security Support Porvider Interface)
+\begin_inset LatexCommand \citep{sspi}
+
+\end_inset 
+
+ to handle almost all their network authentication and encryption interactions.
  This module, modeled after GSSAPI but without API compatibility, provides
  all windows applications, but in particular the OS itself, with a single
  interface to these `security functions'.
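Review bot: the re-flowed line still carries the typo "Porvider" in "SSPI (Security Support Porvider Interface)"; since this line is being touched anyway to add the \citep{sspi} inset, correct it to "Provider" in the same change.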
@@ -322,7 +332,7 @@
 \layout Standard
 
 In short, Samba's client applications must no longer unconditionally prompt
- for a password, and instead handle some appropriate callback.
+ for a password, and must instead provide some appropriate callback.
  
 \layout Section*
 
@@ -362,13 +372,23 @@
 \layout List
 \labelwidthstring 00.00.0000
 
-NTLMSSP The standard NTLM challenge response system, used by all modern
- windows systems.
+NTLMSSP
+\begin_inset LatexCommand \citep{opengroupntlm,davenportntlm}
+
+\end_inset 
+
+ The standard NTLM challenge response system, used by all modern windows
+ systems.
 \layout List
 \labelwidthstring 00.00.0000
 
-Kerberos Kerberos, oringally from MIT's project Athena is a crypographicly
- secure trusted-third-party security system.
+Kerberos
+\begin_inset LatexCommand \citep{mitkrb5}
+
+\end_inset 
+
+ Kerberos, oringally from MIT's project Athena is a crypographicly secure
+ trusted-third-party security system.
  Kerberos version 5 (krb5) is the current standard.
 \layout List
 \labelwidthstring 00.00.0000
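Review bot: the rewritten Kerberos entry keeps two spelling errors from the original line, "oringally" and "crypographicly"; change them to "originally" and "cryptographically" while the line is being re-flowed around the new \citep{mitkrb5} inset.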
@@ -386,7 +406,7 @@
 \labelwidthstring 00.00.0000
 
 SCHANNEL Schannel is the security mechanism used between Microsoft client
- workstations and servers for domain membership, and used the machine trust
+ workstations and servers for domain membership, and uses the machine trust
  account.
 \layout Standard
 
@@ -453,8 +473,8 @@
 \family default 
  utility.
  This needed substatial extension, but unlike the code used in the rest
- of Samba3, this was quite practical, and did not drasticly alter the parse
- layer.
+ of Samba3, this was quite practical as it already possesed distinct parse
+ and logic layers.
 \layout Standard
 
 This code now selects between the registered GENSEC mechanisms, in choosing
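Review bot: the added line "of Samba3, this was quite practical as it already possesed distinct parse" misspells "possessed"; the unchanged context line above it also has "substatial" for "substantial", which is worth fixing in the same commit.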
@@ -533,7 +553,7 @@
 
 The solution was to replace all these arguments with a single context pointer,
  on which the low-level code may now inquire for the information it actually
- requires.
+ requires, and which may be expanded without changing all the layers in-between.
  Likewise, the command-line parsing code now has a single place to fill
  in the information it knows, as well as how well it knows it (guessed from
  an environment variable, specified on the command line etc).
@@ -554,12 +574,6 @@
  
 \layout Subsection*
 
-Local Authentication
-\layout Subsection*
-
-Domain Membership
-\layout Subsection*
-
 Interfaces
 \layout Section*
 
@@ -613,10 +627,17 @@
  Pass length-bounded packets of data between the peers, until both are satisfied
  with the negotiation.
  
+\layout List
+\labelwidthstring 00.00.0000
+
+
+\family typewriter 
+gensec_set_credentials
+\family default 
+() This API links an existing credentials context to this GENSEC context.
 \layout Standard
 
-Other APIs are provided to obtain information to the server about the incoming
- client, as well as to control the user-name and password that is sent.
+Other APIs are provided to obtain information such as the name of the client.
  Because GENSEC is all 
 \family typewriter 
 talloc()
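Review bot: the new gensec_set_credentials() list entry has two blank lines between \labelwidthstring and \family typewriter, where the surrounding entries use one; drop the extra blank line for consistency. The one-sentence description could also say where in the sequence of calls described above (before the packet-exchange loop) the credentials must be attached, since the list is otherwise read as an ordered procedure.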
@@ -856,15 +877,43 @@
 \layout Section*
 
 Future requirements
+\layout Standard
+
+GENSEC and the other security subsystems with which it collaborates are
+ not the end of the line in this area: there is still a lot of work to do,
+ particularly as we try and assist other projects in the use of this infrustruct
+ure, and as we cope with newer requirements on the Samba code generally.
 \layout Subsection*
 
 Asyncronous request support
+\layout Standard
+
+The particular area that looms as a change for GENSEC is that of asyncronous
+ request support.
+ This involves saving state regarding the progress of the GENSEC transation
+ into the context, such that the state machine can return to the main processing
+ loop, and be recalled later.
+ This is currently an issue in the NTLMSSP server, where we contact a remote
+ domain controller, and we must process other packets while we wait for
+ a reply.
+ Likewise, we would hope not to block in the GENSEC client, while we wait
+ for packets to return from a KDC we may need to talk to.
 \layout Subsection*
 
 Moving beyond Samba
 \layout Standard
 
+As GENSEC becomes more useful, we also should seriously consider how it
+ is best used outside Samba.
+ For example, many projects are now using Samba's ntlm_auth to handle NTLMSSP
+ authentication, but at some point soon they may wish to handle SPNEGO,
+ and more particularly the signing and sealing of the subsequent data streams.
+ It is likely that this may require GENSEC to be rewitten into an external
+ library, (as it is rather Samba-specific at this point), but this is yet
+ to be determined.
+\layout Standard
 
+
 \begin_inset LatexCommand \BibTeX[plainnat]{/home/data/samba/lorikeet/samba4-ad-thesis/thesis,/home/data/samba/lorikeet/samba4-ad-thesis/rfc}
 
 \end_inset 
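Review bot: the added paragraphs contain several spelling errors: "infrustruct/ure" (split across the line break) should be "infrastructure", "asyncronous" should be "asynchronous" (the unchanged heading "Asyncronous request support" has the same error), "transation" should be "transaction", and "rewitten" should be "rewritten". Separately, the new \BibTeX inset references the bibliography databases by absolute path under /home/data/samba/lorikeet/samba4-ad-thesis/, which will not resolve on any other checkout; point it at a path relative to trunk/white-papers, or add the .bib files to the white-papers tree, so the document builds outside this working copy.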


