/***********************************************************************
 *
 * Copyright (C) 2006 Novell, Inc. All Rights Reserved.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; version 2.1
 * of the License.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Library Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, Novell, Inc.
 *
 * To contact Novell about this file by physical or electronic mail,
 * you may find current contact information at www.novell.com.
 *
 * Author: Juan Carlos Luciani <jluciani@novell.com>
 *
 ***********************************************************************/
/***********************************************************************
 *
 * README for CasaAuthtokenValidateD
 *
 ***********************************************************************/

INTRODUCTION

CasaAuthtokenValidateD provides a service that is utilized by libcasa_s_authtoken
for the validation of CASA Authentication Tokens.

Processes executing libcasa_s_authtoken communicate with CasaAuthtokenValidateD via
domain sockets. CasaAuthtokenValidateD validates authentication tokens by invoking
the appropriate CASA Authentication Token Java classes.

COMMAND LINE PARAMETERS

CasaAuthtokenValidateD has the following command line parameters:

-b BeginThreads

Optional parameter that specifies the initial number of threads utilized by the
service to process requests.

-g GrowThreads

Optional parameter that specifies the number of threads by which the service can
grow its thread pool utilized for processing requests.

-m MaxThreads

Optional parameter that specifies the maximum number of threads that the service
can have in its thread pool for processing requests.

-D DebugLevel

Optional parameter that specifies the level used for logging debugging information,
with 0 being the lowest debug level.

-d
Optional parameter that specifies that the service must be run as a daemon.

-s
Do not use multiple threads to call into the JVM when invoking the authentication
token verification classes. This option was added as a temporary workaround for a
bug present in Sun's JVM Invoke Interface (BUG221420).

SECURITY CONSIDERATIONS

Appropriate rights need to be set on the folder used by CasaAuthtokenValidateD to
create its listening socket to keep other services from hijacking it and taking on
the validation of CASA authentication tokens. CasaAuthtokenValidateD creates its
listen socket in the /var/lib/CASA/authtoken/validate/ folder.

The SuSE rpm package for this component only allows processes executing as casaatvd
to set up a listener in the /var/lib/CASA/authtoken/validate/ folder, but it allows
any process to connect to it. This setup may allow a rogue process to easily launch a
denial of service attack on CasaAuthtokenValidateD. If this is not acceptable, then
change the rights on the folder to only allow selected users to connect to it.
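
An added example (not part of the CASA sources): a Python check of the folder rights
described above. The folder path and the casaatvd account are the ones named in this
README; the function name, the restrict_clients switch and the uid-based owner test
are assumptions of this example.

```python
import os
import stat

# Folder and account named in this README.
SOCKET_DIR = "/var/lib/CASA/authtoken/validate/"
SERVICE_USER = "casaatvd"


def audit_socket_dir(path, service_uid, restrict_clients=False):
    """Return a list of findings for the folder that holds the listen socket.

    service_uid is the numeric uid the daemon runs as. restrict_clients=True
    (a switch of this example) also flags the "any process may connect" setup,
    for sites where the denial of service exposure is not acceptable.
    """
    st = os.lstat(path)  # lstat: do not follow a symlink planted at the path
    if not stat.S_ISDIR(st.st_mode):
        return ["%s is not a directory (symlink or file)" % path]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if st.st_uid != service_uid:
        findings.append("owner uid %d is not the service uid %d" % (st.st_uid, service_uid))
    # Write permission on the folder lets a process create the socket file
    # there, which is what setting up a competing listener requires.
    if mode & stat.S_IWOTH:
        findings.append("world-writable: other users can create or replace the listen socket")
    if mode & stat.S_IWGRP:
        findings.append("group-writable: gid %d can create or replace the listen socket" % st.st_gid)
    # Search (x) permission on the folder is what lets a client reach the
    # socket path and connect to it.
    if restrict_clients and mode & stat.S_IXOTH:
        findings.append("world-searchable: any process can connect to the socket")
    return findings


if __name__ == "__main__":
    import pwd
    uid = pwd.getpwnam(SERVICE_USER).pw_uid
    for finding in audit_socket_dir(SOCKET_DIR, uid, restrict_clients=True):
        print("FINDING:", finding)
```

The check covers only the folder itself; the rights on its parent folders and on the
socket file are not examined.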