/***********************************************************************
*
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; version 2.1
* of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, Novell, Inc.
*
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
* Author: Juan Carlos Luciani <jluciani@novell.com>
*
***********************************************************************/
/***********************************************************************
*
* README for CasaAuthtokenValidateD
*
***********************************************************************/
INTRODUCTION
CasaAuthtokenValidateD provides a service that is utilized by libcasa_s_authtoken
for the validation of CASA Authentication Tokens.
Processes executing libcasa_s_authtoken communicate with CasaAuthTokenValidateD via
domain sockets. CasaAuthTokenValidateD validates authentication tokens by invoking
the appropriate CASA Authentication Token Java classes.
COMMAND LINE PARAMETERS
CasaAuthtokenValidateD has the following command line parameters:
-b BeginThreads
Optional parameter that specifies the initial number of threads utilized by the
service to process requests.
-g GrowThreads
Optional parameter that specifies the number of threads by which the service can
grow its thread pool utilized for processing requests.
-m MaxThreads
Optional parameter that specifies the maximum number of threads that the service
can have in its thread pool for processing requests.
-D DebugLevel
Optional parameter that specifies the level used for logging debugging information.
0 being the lowest debug level.
-d
Optional parameter that specifies that the service must be run as a daemon.
-s
Do not use multiple threads to call into the JVM when invoking the authentication
token verification classes. This option was added to have a temporary work around
to bug present in Sun's JVM Invoke Interface (BUG221420).
SECURITY CONSIDERATIONS
Appropriate rights need to be set on the folder used by CasaAuthtokenValidateD to
create its listeing socket to keep other services from hijacking it and taking on
the validation of CASA authentication sockets. CasaAuthtokenValidateD creates its
listen socket in the /var/lib/CASA/authtoken/validate/ folder.
The SuSE rpm package for this component only allows processes executing as casaatvd
to setup a listener on the /var/lib/CASA/authtoken/validate/ folder but it allows any
process to connect to it. This setup may allow a rogue process to easily launch a
denial of service attack on CasaAuthtokenValidateD. If this is not acceptable then
change the rigths on the folder to only allow selected users to connect to it.