SunAuthUnixDoc.tioga
Demers, November 10, 1987
Demers, November 10, 1987 7:55:38 am PST
SunAuthUnix
CEDAR 7.0 — FOR INTERNAL XEROX USE ONLY
Unix-flavor SunRPC Credentials from Cedar
A. Demers
© Copyright 1987 Xerox Corporation. All rights reserved.
Abstract: This package constructs Unix-flavor SunRPC credentials for Cedar users. It has no direct clients, but Cedar/Sun interoperators need to know what it does.
Created by: A. Demers
Maintained by: A. Demers <Demers.pa>
Keywords: Authentication, Credentials, Interoperability, RPC, Sun, Unix
XEROX  Xerox Corporation
   Palo Alto Research Center
   3333 Coyote Hill Road
   Palo Alto, California 94304

1. Unix Credentials
Many Sun remote programs operate on behalf of particular Unix users and require the access rights associated with that user. Unix-flavor SunRPC credentials make this possible. Essentially, a Unix-flavor credentials object consists of a Unix uid ("user id", a CARDINAL) and a list of up to 10 Unix gid's ("group id's", also CARDINALs). You can think of these numbers as capabilities. They are host-specific, but our far-sighted system administrators have arranged for all Suns to use the same space of uid's and gid's, and to store them in the Yellow Pages data base.
There are no passwords or encryption or other such frills. The basic philosophy is that every kernel on the network is trustworthy: if a server receives a remote procedure call whose credentials claim to be from John Smith and which requests that a file be deleted, it takes it on faith that the call really is from John Smith and deletes the file if John Smith is entitled to do so. Nothing in the credentials lets the server check the claim; any host that can emit SunRPC packets can put any uid and gid's it likes in them.
This is clearly bogus, and Sun has plans to fix it eventually. For now, we just make every effort to ensure that Cedar kernels are trustworthy in the above sense. That is, we need a reliable way to map Cedar (Grapevine or XNS) credentials to the legitimate Unix uid/gid set for the same person, and to hand out nothing else.
2. How SunAuthUnix works
What it does
A Cedar client asks for Unix-flavor SunRPC credentials by calling SunRPCAuth.Initiate with flavor set to SunRPCAuth.unixFlavor. This may happen automatically, e.g. when FS attempts to contact an NFS server. The SunAuthUnix package takes the following steps:
- Get the logged-in user's Grapevine name by calling UserCredentials.Get[].
- Convert the name to a userName acceptable to Unix: eliminate the GV registry part, translate to lower case, truncate to at most 8 characters (SunAuthUnix.FixNameForUnix[name]).
- Look up the userName in the Yellow Pages map "passwd.byname", obtaining a Unix password file entry. Extract the uid and primary gid from this entry. No password checking is done in this step.
- Search the Yellow Pages map "group.byname" for groups whose member list contains the userName. Extract the first 10 such gid's encountered.
If any of the above steps fails, the entire SunRPCAuth.Initiate call fails.
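The following is an added example, not code from the SunAuthUnix package or from Xerox. It carries the steps above, and the uid/gid structure described in section 1, through to the bytes a SunRPC call actually carries: FixNameForUnix, the passwd.byname and group.byname lookups, the 10-gid cap, and the XDR encoding of the AUTH_UNIX credential body (stamp, machine name, uid, gid, gid list) as SunRPC defines it. It also decodes the credential the way a server would, which makes the "trustworthy kernel" assumption concrete: the server can read the uid and gid's but has nothing to verify them against. The map contents, the machine name "cedar", and the stamp value are constructed for the example; a name longer than 8 characters and a user in more than 10 groups are included to show the truncation and the cap.

```python
"""Cedar Grapevine name -> Unix-flavor SunRPC (AUTH_UNIX) credentials.
Added example; map contents are constructed sample data, not real
Yellow Pages contents."""
import struct

AUTH_UNIX = 1       # SunRPC flavor number for Unix-style credentials
MAX_GIDS = 10       # SunAuthUnix keeps only the first 10 gid's found
MAX_NAME_LEN = 8    # FixNameForUnix truncates the user name to 8 chars

# Constructed Yellow Pages maps: key is the map key, value is the
# /etc/passwd or /etc/group line that passwd.byname / group.byname hold.
PASSWD_BYNAME = {
    "jsmith": "jsmith:*:1042:100:John Smith:/u/jsmith:/bin/csh",
    "demers": "demers:*:1007:100:A. Demers:/u/demers:/bin/csh",
}
GROUP_BYNAME = {
    "wheel": "wheel:*:0:demers",
    "csl":   "csl:*:100:demers,jsmith",
    "nfs":   "nfs:*:200:jsmith,demers",
}
# A constructed user who belongs to more groups than the package carries.
PASSWD_BYNAME["joiner"] = "joiner:*:2000:100:Joins All:/u/joiner:/bin/csh"
for i in range(12):
    GROUP_BYNAME[f"proj{i}"] = f"proj{i}:*:{300 + i}:joiner"


def fix_name_for_unix(gv_name):
    """Drop the GV registry ('JSmith.pa' -> 'JSmith'), lower-case, and
    truncate to MAX_NAME_LEN, as SunAuthUnix.FixNameForUnix does."""
    local = gv_name.rsplit(".", 1)[0]
    return local.lower()[:MAX_NAME_LEN]


def lookup_uid_gid(user):
    """uid and primary gid from the passwd.byname entry; no password check."""
    entry = PASSWD_BYNAME.get(user)
    if entry is None:
        raise LookupError(f"no Yellow Pages passwd entry for {user!r}")
    fields = entry.split(":")
    return int(fields[2]), int(fields[3])


def lookup_gids(user):
    """gid's of the first MAX_GIDS group.byname entries listing the user."""
    gids = []
    for entry in GROUP_BYNAME.values():
        _name, _pw, gid, members = entry.split(":", 3)
        if user in members.split(","):
            gids.append(int(gid))
            if len(gids) == MAX_GIDS:
                break
    return gids


def xdr_string(data):
    """XDR variable-length string/opaque: 4-byte length, bytes, pad to 4."""
    return struct.pack(">I", len(data)) + data + b"\0" * (-len(data) % 4)


def auth_unix_body(stamp, machine, uid, gid, gids):
    """XDR-encode the AUTH_UNIX credential body."""
    body = struct.pack(">I", stamp) + xdr_string(machine.encode())
    body += struct.pack(">II", uid, gid)
    body += struct.pack(">I", len(gids))
    body += b"".join(struct.pack(">I", g) for g in gids)
    return body


def initiate_unix_credentials(gv_name, machine="cedar", stamp=0):
    """The SunRPCAuth.Initiate[flavor: unixFlavor] steps, end to end.
    Returns the opaque_auth (flavor + length-prefixed body); any step
    failing raises, since failure of any step fails the whole call."""
    user = fix_name_for_unix(gv_name)
    uid, gid = lookup_uid_gid(user)
    gids = lookup_gids(user)
    body = auth_unix_body(stamp, machine, uid, gid, gids)
    return struct.pack(">I", AUTH_UNIX) + xdr_string(body)


def decode_auth_unix(opaque_auth):
    """What the server sees. It can parse uid/gid/gids but has nothing to
    check them against: this is the 'all kernels are trustworthy' model."""
    flavor, body_len = struct.unpack_from(">II", opaque_auth, 0)
    if flavor != AUTH_UNIX:
        raise ValueError(f"flavor {flavor} is not AUTH_UNIX")
    body = opaque_auth[8:8 + body_len]
    stamp, name_len = struct.unpack_from(">II", body, 0)
    pos = 8
    machine = body[pos:pos + name_len].decode()
    pos += name_len + (-name_len % 4)
    uid, gid, ngids = struct.unpack_from(">III", body, pos)
    pos += 12
    gids = list(struct.unpack_from(f">{ngids}I", body, pos))
    return {"stamp": stamp, "machine": machine, "uid": uid,
            "gid": gid, "gids": gids}


if __name__ == "__main__":
    cred = initiate_unix_credentials("JSmith.pa")
    print(cred.hex())
    print(decode_auth_unix(cred))
```

Running it for "JSmith.pa" yields a 44-byte opaque_auth carrying uid 1042, gid 100 and gids [100, 200]; "JohnSmith.pa" becomes "johnsmit", which has no passwd entry, so the whole Initiate fails, which is exactly the naming requirement listed in the next section.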
Requirements
As implied by the previous section, any Cedar user who wants to do RPC to a Sun server must:
- have a valid Unix password entry in the Yellow Pages data base;
- have a valid Unix account (with the same uid and gid) on the server, if the server isn't using the Yellow Pages itself (currently all CSL servers use the Yellow Pages);
- have a Unix userName equal to the user's GV name as it would be transformed by SunAuthUnix.FixNameForUnix.
There is no requirement that GV and Unix passwords agree, since the Unix password is never consulted. Consult your local Unix system administrator for details.