[971] in Kerberos
Accounting Services, etc.
daemon@ATHENA.MIT.EDU (Riddick@DOCKMASTER.NCSC.MIL)
Fri Jun 1 11:02:28 1990
Date: Fri, 1 Jun 90 08:12 EDT
From: Riddick@DOCKMASTER.NCSC.MIL
To: Kerberos@ATHENA.MIT.EDU
Cc: Riddick@DOCKMASTER.NCSC.MIL
The latest set of messages on this mailing list brought up the issue of
accounting services for a network. Specifically, if we have this great
authentication tool (i.e., Kerberos) then wouldn't it be a good idea to
use it to enable a network accounting service?
In fact, to enable a reliable and accurate accounting service on a
network, we need a mechanism to ensure the authenticity and integrity of
accounting data. Currently, each vendor of a network service supplies
its own accounting tools for that service. Network operating systems,
such as Netware and Lan Manager, provide some tools, but they do not
integrate completely with the applications and they do not employ
reliable authentication mechanisms.
What is needed is an Application Programmer Interface (API) with a set
of callable functions to an accounting service. These functions would
enable the network service to submit accounting information to the
accounting server for incorporation into a centralized accounting
report. The accouting server provides the repository for this data, and
it provides accounting reports to the network service suppliers.
The only flaw in this concept is the complete lack of security for the
accounting data as it flows from network service to accounting server.
THE THE SOLUTION: Use an authentication mechanism (Kerberos) to
establish the identity of the service. Provide mutual authentication so
that the service knows he is really talking to the accounting server.
Provide message integrity between the network service and the accounting
server. Provide an API library that a vendor of a network service may
use to make calls to the accounting service. This API library makes the
underlying authentication protocols transparent to the caller.
As an aid to understanding how authentication fits into this problem,
let me provide a way of looking at authentication of clients and servers
on a network. In a network, there are two modes of authentication --
call them CONNECTION-ORIENTED and CONNECTIONLESS. In
connection-oriented authentication, the client's workstation only
presents a service ticket to the service at the initial contact for
service. Subsequent message exchanges with the service do not include
the ticket. The service authorization is valid as long as the client
remains logged on to the network and the ticket remains active. In
connectionless authentication, an authenticator must be supplied with
every service request packet or message between the client and the
service.
In connection-oriented mode, it is assumed that protection of the
communications between the service and the workstation are not at risk
of compromise. The connectionless mode ensures that the server
authenticates every request from the client so that the threat of
workstation masquerading is minimized. The connectionless mode does
incur more overhead than connection-oriented mode. Kerberos can be
classified as a connection-oriented authentication protocol.
All of these services should be based upon Remote Procedure Call (RPC)
mechanisms rather than direct communications interfaces to ensure that
they are accessible across dissimilar hardware and operating system
environments environments. The OSF has announced their selection of a
Distributed Computing Environment which includes Kerberos and an
enhanced Apollo RPC mechanism. AT&T/UI is also forming their own DCE.
Either one would serve as the platform for developing the accounting
service in question.
Finally, I would like to mention that my company is developing a product
that conforms to the Kerberos protocols and provides some of the
services mentioned. Also, I have been trying to port the V5 release of
Kerberos over to a 386 machine running SCO UNIX. The problems I have
encountered so far have been with the 'cpp' on my system stripping TABS
from the Makefiles forcing me to manually adjust those files. Also, I
have yet to get past the makedepend build due to compiler errors in the
source files. Specifically, there are a lot of BSD specific usages,
including the use of symbolic links. Are symbolic links used througout
the code, or can I safely remove the checks for symbolic links?
Anyone interested in discussing any of these issues can contact me via
email:
Riddick.Catwalk -at DOCKMASTER.NCSC.MIL
phone: (703) 758-0190
address: Chris Riddick
Simpact Associates, Inc.
12007 Sunrise Valley Drive
Reston, VA 22091
