% wallet-slides.tex -- Slides for AFS talk on the wallet.
% $Id: wallet-slides.tex 75 2006-06-06 17:27:17Z eagle $
%
% Written by Russ Allbery <rra@stanford.edu>

\documentclass[landscape,semhelv]{seminar}
\usepackage{url}
\usepackage{hyperref}

\newpagestyle{mypagestyle}%
  {Stanford University \hfil \thedate \hfil \thepage}%
  {\hfil Russ Allbery (rra@stanford.edu) \hfil}
\pagestyle{mypagestyle}

\begin{document}

\begin{slide}
  \begin{center}
    {\large Wallet} \\
    Secure Data Distribution and Management

    \vspace{1in}
    
    Russ Allbery \\
    June 6, 2006
  \end{center}
\end{slide}

\begin{slide}
  \section*{Contents}

  \begin{itemize}
  \item The Starting Point
  \item Overview and Goal
  \item remctl
  \item remctl v2
  \item Wallet Structure
  \item Classes of Data
  \item Authorization Methods
  \item Data Storage Methods
  \item Implementation Details
  \end{itemize}
\end{slide}

\begin{slide}
  \section*{The Starting Point}

  \begin{itemize}
  \item \texttt{leland\_srvtab} to distribute srvtabs and keytabs
  \item keytab support underdocumented and strange
  \item Supports cached keytabs, questionable implementation
  \item Based on IBM sysctl, Kerberos v4 (K4) authentication only
  \item Only supports ACL files on disk
  \end{itemize}
\end{slide}

\begin{slide}
  \section*{Overview and Goal}

  \begin{itemize}
  \item Distribute keytabs with better ACL management than kadmin
  \item Use the same method for certificates, passwords, etc.
  \item Store or automatically generate
  \item Allow upload of data into the wallet
  \item Flexible authorization system
  \item Self-contained distributable client
  \end{itemize}
\end{slide}

\begin{slide}
  \section*{remctl}

  \begin{itemize}
  \item Simple replacement for sysctl
  \item Already in extensive use
  \item Check an ACL and run a command, nothing more
  \item A few problems:
    \begin{itemize}
    \item 32KB output size limit
    \item Cannot stream output
    \item No library interface
    \item No persistent connections
    \item Weird and underdocumented protocol
    \item Unfortunate choice of ports
    \end{itemize}
  \end{itemize}
\end{slide}

\begin{slide}
  \section*{remctl v2}

  \begin{itemize}
  \item Redesigned and \emph{documented} protocol
  \item Down-negotiates to the old protocol when needed
  \item No output size limits, streaming output
  \item Persistent connections
  \item Client library with simple API
  \item Extensive test suite
  \end{itemize}
\end{slide}

\begin{slide}
  \section*{Wallet Structure}

  \begin{itemize}
  \item Server runs as a remctl backend: remctl authenticates the caller,
    the wallet's own authorization layer decides access to each object
  \item Stores predefined classes of secure data
  \item Split into three layers:
    \begin{itemize}
    \item Data storage and generation layer
    \item Authorization layer
    \item Metadata layer that links the two
    \end{itemize}
  \item Support arbitrary authorization and data methods
  \end{itemize}
\end{slide}

\begin{slide}
  \section*{Classes of Data}

  \begin{itemize}
  \item keytabs regenerated on each request (a new key each time, so
    earlier copies of that keytab go stale)
  \item keytabs pulled from the KDC database
  \item SSL certificate private keys stored by user
  \item Stanford-signed certificates generated on the fly
  \item Arbitrary files (database passwords) stored by user
  \item Almost certainly others to come\dots
  \end{itemize}
\end{slide}

\begin{slide}
  \section*{Authorization Methods}

  \begin{itemize}
  \item remctl provides authentication; its ACLs cover only the wallet's
    administrative commands, so per-object authorization must be done by
    the wallet itself
  \item Basic authorization: ACL files on disk or in MySQL
  \item PTS group membership
  \item LDAP group membership or attribute presence
  \item NetDB roles (particularly for host keytabs)
  \end{itemize}
\end{slide}

\begin{slide}
  \section*{Data Storage Methods}

  \begin{itemize}
  \item File stored on disk
  \item Data generated on the fly (kadmin for keytabs)
  \item Data retrieved from elsewhere (pre-existing keytabs)
  \end{itemize}
\end{slide}

\begin{slide}
  \section*{Implementation Details}

  \begin{itemize}
  \item Client linked statically against the Kerberos and remctl libraries
  \item Some Kerberos-specific knowledge in client: generating srvtabs,
    merging keytabs
  \item Server written in Perl
  \item MySQL for metadata store
  \item Runs on a secure host, but not on the KDC itself
  \item Backend remctl call (gated by the KDC's own remctl ACL) to retrieve
    existing keys from the KDC
  \end{itemize}
\end{slide}

\end{document}
