<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
I already said this, but let me make it more clear: I don't think this
Authentication scheme is "the right one." I expect we'll throw it away
once we start having more control over the client side. This is a hack
to start covering up the security hole we have right now in OSGrid, the
Hypergrid, and other OpenSim-based open grids out there. Obviously,
this will be an optional module; walled-gardens don't need this [so
much].<br>
<br>
<br>
Hurliman, John wrote:
<blockquote
cite="mid:62BFE5680C037E4DA0B0A08946C0933D502DF2F3@rrsmsx506.amr.corp.intel.com"
type="cite">
<blockquote type="cite">
<pre wrap="">-----Original Message-----
From: <a class="moz-txt-link-abbreviated" href="mailto:opensim-dev-bounces@lists.berlios.de">opensim-dev-bounces@lists.berlios.de</a> [<a class="moz-txt-link-freetext" href="mailto:opensim-dev">mailto:opensim-dev</a>-
<a class="moz-txt-link-abbreviated" href="mailto:bounces@lists.berlios.de">bounces@lists.berlios.de</a>] On Behalf Of Justin Clark-Casey
Sent: Wednesday, February 25, 2009 9:18 AM
To: <a class="moz-txt-link-abbreviated" href="mailto:opensim-dev@lists.berlios.de">opensim-dev@lists.berlios.de</a>
Subject: Re: [Opensim-dev] User Authentication
Diva Canto wrote:
</pre>
<blockquote type="cite">
<pre wrap=""> Mike Mazur wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi,
On Tue, 24 Feb 2009 19:54:16 -0800
Diva Canto <a class="moz-txt-link-rfc2396E" href="mailto:diva@metaverseink.com"><diva@metaverseink.com></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">* Within a few days: write a simple [optional]
UserAuthenticationModule along the lines of option a) that does the
following: upon a NewUserConnection, regions will check with the
incoming user's User server that the declared user exists and is
logged into the system.
</pre>
</blockquote>
<pre wrap="">In a grid a region can be told (via a configuration option) which
</pre>
</blockquote>
</blockquote>
<pre wrap="">user
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">server to check. What about HG regions? How does an HG region know
which user server to ping? Is this information supplied by the
connecting client? If so, what's to prevent a malicious client from
supplying a user server that will always reply favorably?
</pre>
</blockquote>
<pre wrap="">The HG region sends that information along when the user moves away
</pre>
</blockquote>
<pre wrap="">from
</pre>
<blockquote type="cite">
<pre wrap="">the home UGAIM. The user carries along the collection of URLs of all
</pre>
</blockquote>
<pre wrap="">of
</pre>
<blockquote type="cite">
<pre wrap="">the servers it uses. It's ok if the given User Server @ foobar.com
always says yes -- that's not the problem. The problem we need to
</pre>
</blockquote>
<pre wrap="">detect
</pre>
<blockquote type="cite">
<pre wrap="">is the user claiming to be from Intel.com or OSGrid.org, when, in
</pre>
</blockquote>
<pre wrap="">fact,
</pre>
<blockquote type="cite">
<pre wrap="">isn't.
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">Furthermore, upon AddNewClient (which happens
shortly after), regions will challenge the incoming client with 3
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">UDP
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">Ping messages having random seq numbers, to which the incoming
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">client
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">must respond correctly
</pre>
</blockquote>
<pre wrap="">How does the client know the correct response?
</pre>
</blockquote>
<pre wrap="">In fiddling with the client after talking to Teravus, I discovered a
pair of response-reply packets that can be initiated from the server.
They are StartPingCheck / CompletePingCheck. They take a byte as
argument. The server sends StartPingCheck(33), the client responds
</pre>
</blockquote>
<pre wrap="">with
</pre>
<blockquote type="cite">
<pre wrap="">CompletePingCheck(33). Handy.
</pre>
</blockquote>
<pre wrap="">Just so I'm clear, your new scheme proposes the following steps?
1) When a client enters a new region (whether by initial login,
teleport or region crossing), the region server will
ask the user server if the IP given by the client matches that which it
has previously stored on the user login?
2) If these addresses match, then a further validation against spoofing
is performed by pinging the client using the
StartPingCheck. A client spoofing the address will not be able to
reply.
--
justincc
Justin Clark-Casey
<a class="moz-txt-link-freetext" href="http://justincc.wordpress.com">http://justincc.wordpress.com</a>
</pre>
</blockquote>
<pre wrap=""><!---->
As long as we accept the tradeoff that some HyperGrid teleport situations will no longer work. At work here we have an internal grid, where I can access it using my IP address of 10.xxx.xxx.xxx. I also have a connection to the outside world, where my IP address is currently 134.xxx.xxx.xxx. At my previous job, we had a load balancing router that was hooked up to a T1 and two DSL lines. It was smart enough that it would maintain each of your IP (and usually) UDP sessions on a single line, but if you went to talk to a new server it would most likely put that connection on a new line. If IPv6 ever rolls out, this would prevent and HyperGridding between IPv4 and IPv6 worlds.
I'm not saying +1 or -1 here, just that all of the implications of mixing IP layer internals into application layer decisions need to be taken into account.
John
_______________________________________________
Opensim-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Opensim-dev@lists.berlios.de">Opensim-dev@lists.berlios.de</a>
<a class="moz-txt-link-freetext" href="https://lists.berlios.de/mailman/listinfo/opensim-dev">https://lists.berlios.de/mailman/listinfo/opensim-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>