Security and Password Management

The C_INIT actor authenticates users issuing commands from the host.

The ChorusOS operating system can be configured in secure mode, where remote host access is checked through the /etc/security administration file, located on the target root file system (see security(4CC)). In addition, users' credentials may be specified in this file, overriding default C_INIT configuration values.

If an /etc/security file exists, it must have read permissions for everybody to allow C_INIT to read it with the default credentials (user identifier 0 and group identifier 0). Secure mode is then activated. In this mode, C_INIT authenticates every command it receives from the host. Authentication can fail for two reasons:

• The user name of the remote user which issued the rsh command is not found in the security file.

• The remote host, from which the rsh command came, is not in the remote host's list of users.

In this case, a permission denied message is sent back to the host and the command is aborted.

If the authentication procedure succeeds, the user's privilege credentials (user identifier or uid, group identifier or gid and additional groups) are read from the security file. Trusted users have access to the full set of C_INIT commands.

The ChorusOS operating system also features the ability to manage users' passwords through its password management feature. Related files are located in /etc/master.passwd and /etc/group. The introduction of these files to the ChorusOS operating system enables more flexible security management, in addition to the standard /etc/security file. You can choose to enable the password management feature by running pwd_mkdb.

The C_INIT daemon can run in non-secure mode, in secure mode or in password mode. If C_INIT is running in password mode the login name of the user is first identified in /etc/spwd.db, and then in /etc/security for additional information, such as remote host access permission. If the latter file does not exist, default values apply. If C_INIT is running in secure mode, the login name of the user is identified only in /etc/security.

If C_INIT is runing in non-secure mode, every user is treated as a trusted user and inherits the C_INIT default credentials , uid 0 and gid 0. These are by default zero.

In this case, if the host machine has exported the file system to be mounted with the default mapping of root to nobody, it is necessary that read and execute permissions for the target executable files be given to everybody. Otherwise C_INIT will not have the right to execute the application binaries.

To override the default credentials uid 0 and gid 0, you can use environment variables; these enable you to modify the system dynamically. To modify the deafult credentials:

$ rsh target setenv CINIT_DEFAULTUID some_value
$ rsh target setenv CINIT_DEFAULTGID some_value

Another way to circumvent the problem of C_INIT not having the right to execute the application binaries is by inhibiting the mapping of root to nobody on the host.

The /etc/ldap.conf file contains information about the location of the LDAP server for password management. Information about this file is contained in ldap.conf(4CC).

Further information on password management and how it affects various secure operations in this version of the ChorusOS operating system can be found in these man pages: getpwnam(3STDC), getgrent(3STDC), ,passwd(1M), pwd_mkdb(1M). group(4CC), rshd(1M), ftpd(1M), telnetd(1M).