/***********************************************************************
 *
 *  Copyright (C) 2006 Novell, Inc. All Rights Reserved.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; version 2.1
 *  of the License.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Library Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, Novell, Inc.
 *
 *  To contact Novell about this file by physical or electronic mail,
 *  you may find current contact information at www.novell.com.
 *
 *  Author: Juan Carlos Luciani
 *
 ***********************************************************************/
/***********************************************************************
 *
 *  README for CasaAuthtokenValidateD
 *
 ***********************************************************************/

INTRODUCTION

CasaAuthtokenValidateD provides a service that is utilized by
libcasa_s_authtoken for the validation of CASA Authentication Tokens.
Processes executing libcasa_s_authtoken communicate with
CasaAuthTokenValidateD via domain sockets. CasaAuthTokenValidateD validates
authentication tokens by invoking the appropriate CASA Authentication Token
Java classes.

COMMAND LINE PARAMETERS

CasaAuthtokenValidateD has the following command line parameters:

-b BeginThreads   Optional parameter that specifies the initial number of
                  threads utilized by the service to process requests.

-g GrowThreads    Optional parameter that specifies the number of threads
                  by which the service can grow its thread pool utilized
                  for processing requests.

-m MaxThreads     Optional parameter that specifies the maximum number of
                  threads that the service can have in its thread pool
                  for processing requests.

-D DebugLevel     Optional parameter that specifies the level used for
                  logging debugging information. 0 being the lowest debug
                  level.

-d                Optional parameter that specifies that the service must
                  be run as a daemon.

-s                Do not use multiple threads to call into the JVM when
                  invoking the authentication token verification classes.
                  This option was added as a temporary workaround for a
                  bug present in Sun's JVM Invoke Interface (BUG221420).

SECURITY CONSIDERATIONS

Appropriate rights need to be set on the folder used by
CasaAuthtokenValidateD to create its listening socket, to keep other services
from hijacking it and taking on the validation of CASA authentication tokens.

CasaAuthtokenValidateD creates its listen socket in the
/var/lib/CASA/authtoken/validate/ folder. The SuSE rpm package for this
component only allows processes executing as casaatvd to set up a listener in
the /var/lib/CASA/authtoken/validate/ folder, but it allows any process to
connect to it. This setup may allow a rogue process to easily launch a denial
of service attack on CasaAuthtokenValidateD. If this is not acceptable, then
change the rights on the folder to only allow selected users to connect to it.
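
The following is an added example, not part of the original README or the CASA
package: a shell function that audits the socket folder for the two conditions
described above (who can create a listener, and who can connect). The function
name, its return codes and the placeholder group name are assumptions, and it
relies on GNU stat.

```shell
#!/bin/sh
# Added example: audit the folder in which the daemon creates its listen socket.
# Assumes GNU stat (coreutils). Function name and return codes are illustrative.
#
# Return codes:
#   0  only the owner can create entries; "other" cannot reach the socket
#   1  only the owner can create entries, but any local process can connect
#      (the packaged default that the README describes)
#   2  wrong owner, or group/other can create entries (listener hijack risk)
#   3  folder missing
audit_socket_dir() {
    local dir="$1" want_owner="$2" owner mode perm

    [ -d "$dir" ] || { echo "missing: $dir"; return 3; }

    owner=$(stat -c '%U' "$dir")
    mode=$(stat -c '%a' "$dir")      # e.g. 755, 750, 1777
    perm=$((0$mode))                 # leading 0 makes the shell read it as octal

    if [ "$owner" != "$want_owner" ]; then
        echo "hijack risk: $dir is owned by $owner, expected $want_owner"
        return 2
    fi
    # Write permission on the folder is what lets a process bind a socket there.
    if [ $((perm & 0022)) -ne 0 ]; then
        echo "hijack risk: $dir (mode $mode) is writable by group or other"
        return 2
    fi
    # Search (x) permission for "other" lets any local process reach the socket.
    if [ $((perm & 0001)) -ne 0 ]; then
        echo "open: $dir (mode $mode) lets any local process connect"
        return 1
    fi
    echo "restricted: $dir (mode $mode) is not reachable by other"
    return 0
}

# Typical use on an installed system (run as root):
#   audit_socket_dir /var/lib/CASA/authtoken/validate casaatvd
# To restrict connections to members of one group (group name is a placeholder):
#   chgrp <validator-clients> /var/lib/CASA/authtoken/validate
#   chmod 750 /var/lib/CASA/authtoken/validate
```

The check covers the folder only; the mode of the socket file inside it also
decides which of the processes that can reach the folder may connect.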