CASA/CASA-auth-token/server/AuthTokenValidate/Svc
2007-02-06 22:52:44 +00:00

/***********************************************************************
 * 
 *  Copyright (C) 2006 Novell, Inc. All Rights Reserved.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; version 2.1
 *  of the License.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Library Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, Novell, Inc.
 * 
 *  To contact Novell about this file by physical or electronic mail, 
 *  you may find current contact information at www.novell.com.
 * 
 *  Author: Juan Carlos Luciani <jluciani@novell.com>
 *
 ***********************************************************************/
/***********************************************************************
 *
 *  README for CasaAuthtokenValidateD
 *
 ***********************************************************************/

INTRODUCTION

CasaAuthtokenValidateD provides a service that is utilized by libcasa_s_authtoken
for the validation of CASA Authentication Tokens.

Processes executing libcasa_s_authtoken communicate with CasaAuthTokenValidateD via
domain sockets. CasaAuthTokenValidateD validates authentication tokens by invoking
the appropriate CASA Authentication Token Java classes.

COMMAND LINE PARAMETERS

CasaAuthtokenValidateD has the following command line parameters:

   -b BeginThreads

      Optional parameter that specifies the initial number of threads utilized by the
      service to process requests.

   -g GrowThreads

      Optional parameter that specifies the number of threads by which the service can
      grow its thread pool utilized for processing requests.

   -m MaxThreads

      Optional parameter that specifies the maximum number of threads that the service
      can have in its thread pool for processing requests.

   -D DebugLevel

      Optional parameter that specifies the level used for logging debugging information.
      0 being the lowest debug level.

   -d
      Optional parameter that specifies that the service must be run as a daemon.

   -s
      Do not use multiple threads to call into the JVM when invoking the authentication
      token verification classes. This option was added as a temporary workaround for
      a bug present in Sun's JVM Invoke Interface (BUG221420).

SECURITY CONSIDERATIONS

Appropriate rights need to be set on the folder used by CasaAuthtokenValidateD to
create its listening socket to keep other services from hijacking it and taking on
the validation of CASA authentication tokens. CasaAuthtokenValidateD creates its
listen socket in the /var/lib/CASA/authtoken/validate/ folder.

The SuSE rpm package for this component only allows processes executing as casaatvd
to set up a listener in the /var/lib/CASA/authtoken/validate/ folder, but it allows any
process to connect to it. This setup may allow a rogue process to easily launch a
denial of service attack on CasaAuthtokenValidateD. If this is not acceptable, then
change the rights on the folder to only allow selected users to connect to it.
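
One way to audit the folder rights described above, as an added example that is not
part of the original README or the CASA project. The function name, its return codes
and the use of GNU stat are assumptions of this example; the folder path and the
casaatvd account come from the text.

```shell
#!/bin/sh
# Added example: audit the rights on the folder that holds the listen socket.
# Return codes (defined by this example, not by CASA):
#   0 = only the owner can create the socket; connects limited to owner/group
#   1 = hijack risk: wrong owner, or group/other may create or replace the socket
#   2 = listener protected, but any local user can reach the socket (DoS exposure)
audit_socket_dir() {
    dir=$1
    expected_owner=$2
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory"
        return 1
    fi
    owner=$(stat -c %U "$dir")    # GNU coreutils stat, as found on Linux
    mode=$(stat -c %a "$dir")     # octal permission bits, e.g. 755
    bits=$((0$mode))              # leading 0 makes the shell parse it as octal
    if [ "$owner" != "$expected_owner" ]; then
        echo "FAIL: $dir is owned by $owner, expected $expected_owner"
        return 1
    fi
    # Write permission on the folder is what allows creating (or unlinking
    # and re-creating) the socket file inside it.
    if [ $(($bits & 022)) -ne 0 ]; then
        echo "FAIL: $dir mode $mode is group/other writable"
        return 1
    fi
    # Search (x) permission for "other" lets every local user resolve the
    # socket path and therefore attempt to connect.
    if [ $(($bits & 001)) -ne 0 ]; then
        echo "WARN: $dir mode $mode lets any local user reach the socket"
        return 2
    fi
    echo "OK: $dir mode $mode, owner $owner"
    return 0
}

# Typical call, using the folder and account named in this README:
#   audit_socket_dir /var/lib/CASA/authtoken/validate casaatvd
```

A result of 2 corresponds to the packaged setup described above; removing search
permission for "other" (for example mode 750 with a dedicated group) yields 0.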