[Opensim-dev] User Authentication
Diva Canto
diva at metaverseink.com
Wed Feb 25 18:11:39 UTC 2009
I already said this, but let me make it more clear: I don't think this
Authentication scheme is "the right one." I expect we'll throw it away
once we start having more control over the client side. This is a hack
to start covering up the security hole we have right now in OSGrid, the
Hypergrid, and other OpenSim-based open grids out there. Obviously, this
will be an optional module; walled-gardens don't need this [so much].
Hurliman, John wrote:
>> -----Original Message-----
>> From: opensim-dev-bounces at lists.berlios.de [mailto:opensim-dev-
>> bounces at lists.berlios.de] On Behalf Of Justin Clark-Casey
>> Sent: Wednesday, February 25, 2009 9:18 AM
>> To: opensim-dev at lists.berlios.de
>> Subject: Re: [Opensim-dev] User Authentication
>>
>> Diva Canto wrote:
>>
>>> Mike Mazur wrote:
>>>
>>>> Hi,
>>>>
>>>> On Tue, 24 Feb 2009 19:54:16 -0800
>>>> Diva Canto <diva at metaverseink.com> wrote:
>>>>
>>>>
>>>>
>>>>> * Within a few days: write a simple [optional]
>>>>> UserAuthenticationModule along the lines of option a) that does the
>>>>> following: upon a NewUserConnection, regions will check with the
>>>>> incoming user's User server that the declared user exists and is
>>>>> logged into the system.
>>>>>
>>>>>
>>>> In a grid a region can be told (via a configuration option) which user
>>>> server to check. What about HG regions? How does an HG region know
>>>> which user server to ping? Is this information supplied by the
>>>> connecting client? If so, what's to prevent a malicious client from
>>>> supplying a user server that will always reply favorably?
>>>>
>>>>
>>> The HG region sends that information along when the user moves away from
>>> the home UGAIM. The user carries along the collection of URLs of all of
>>> the servers it uses. It's ok if the given User Server @ foobar.com
>>> always says yes -- that's not the problem. The problem we need to detect
>>> is the user claiming to be from Intel.com or OSGrid.org, when, in fact,
>>> isn't.
>>>
>>>
>>>>> Furthermore, upon AddNewClient (which happens
>>>>> shortly after), regions will challenge the incoming client with 3 UDP
>>>>> Ping messages having random seq numbers, to which the incoming client
>>>>> must respond correctly
>>>>>
>>>>>
>>>> How does the client know the correct response?
>>>>
>>>>
>>> In fiddling with the client after talking to Teravus, I discovered a
>>> pair of response-reply packets that can be initiated from the server.
>>> They are StartPingCheck / CompletePingCheck. They take a byte as
>>> argument. The server sends StartPingCheck(33), the client responds with
>>> CompletePingCheck(33). Handy.
>>>
>> Just so I'm clear, your new scheme proposes the following steps?
>>
>> 1) When a client enters a new region (whether by initial login,
>> teleport or region crossing), the region server will
>> ask the user server if the IP given by the client matches that which it
>> has previously stored on the user login?
>>
>> 2) If these addresses match, then a further validation against spoofing
>> is performed by pinging the client using the
>> StartPingCheck. A client spoofing the address will not be able to
>> reply.
>>
>> --
>> justincc
>> Justin Clark-Casey
>> http://justincc.wordpress.com
>>
>
> As long as we accept the tradeoff that some HyperGrid teleport situations will no longer work. At work here we have an internal grid, where I can access it using my IP address of 10.xxx.xxx.xxx. I also have a connection to the outside world, where my IP address is currently 134.xxx.xxx.xxx. At my previous job, we had a load balancing router that was hooked up to a T1 and two DSL lines. It was smart enough that it would maintain each of your IP (and usually) UDP sessions on a single line, but if you went to talk to a new server it would most likely put that connection on a new line. If IPv6 ever rolls out, this would prevent any HyperGridding between IPv4 and IPv6 worlds.
>
> I'm not saying +1 or -1 here, just that all of the implications of mixing IP layer internals into application layer decisions need to be taken into account.
>
> John
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
>
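
An in-memory sketch of the region-side check as the steps are restated in this thread: user-server lookup, login-IP comparison, then three StartPingCheck challenges. It is an added example, not code from OpenSim or from any poster; every function and class name, the server URL and the addresses are constructed assumptions, and no real networking is performed.

```python
import secrets

# Constructed data: the IP each (hypothetical) user server stored at login.
USER_SERVERS = {
    "http://users.example.org": {"alice": "198.51.100.7", "bob": "10.0.0.5"},
}

def user_server_lookup(server_url, user):
    """Stand-in for the region's query to the user's declared User server.
    Returns the IP stored at login, or None if the user is not logged in."""
    return USER_SERVERS.get(server_url, {}).get(user)

class EchoClient:
    """Client that receives StartPingCheck(id) and answers CompletePingCheck(id)."""
    def complete_ping_check(self, ping_id):
        return ping_id

class UnreachableClient:
    """Sender using a source address it does not own: the challenge is
    delivered to the address's real owner, so no reply ever comes back."""
    def complete_ping_check(self, ping_id):
        return None

def admit(user, server_url, observed_ip, client, rounds=3):
    """Region-side decision for a NewUserConnection / AddNewClient pair."""
    stored_ip = user_server_lookup(server_url, user)
    if stored_ip is None:
        return "reject: not logged in at declared user server"
    if stored_ip != observed_ip:
        # Also rejects honest multi-homed or load-balanced users, the
        # tradeoff raised in the reply quoted above.
        return "reject: IP differs from login IP"
    for _ in range(rounds):
        ping_id = secrets.randbelow(256)  # the ping id is a single byte
        if client.complete_ping_check(ping_id) != ping_id:
            return "reject: ping challenge failed"
    return "admit"

def blind_guess_probability(rounds=3):
    """Chance that a sender who never sees the challenges guesses all of them."""
    return 256.0 ** -rounds

if __name__ == "__main__":
    url = "http://users.example.org"
    print(admit("alice", url, "198.51.100.7", EchoClient()))
    print(admit("alice", url, "198.51.100.7", UnreachableClient()))
    print(admit("bob", url, "203.0.113.9", EchoClient()))
    print(blind_guess_probability())
```

The third call models a user who logged in from an internal address but reaches the region from an external one, and is rejected even though the client is honest.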