Brent N. Chun ~ California Institute of Technology ~ CACR

Overview

authd is a software package for obtaining and verifying user credentials which contain cryptographic signatures based on RSA public key cryptography. It includes (i) a server (authd) for authenticating local users through Unix domain sockets and process credentials and (ii) a client library (libauth.a) for requesting new credentials and verifying credentials signed by the server. In the context of clusters, authd is typically used by installing a single cluster-wide RSA public/private key pair on all nodes and running authd everywhere. Given this arrangement, client programs running on any node can obtain and present timestamped credentials to cluster services which can then verify user identities using the cluster-wide public key. Compared to other approaches for authentication, authd's scheme is attractive since it obviates the need for users to manage their own public/private key pairs.

Software

Update: authd source code and releases are now maintained as part of the Ganglia project. (Note: the source is listed under the gexec-authd directory.) The authd source can be checked out via svn at: http://sourceforge.net/svn/?group_id=43021. The source code can be browsed directly at: http://ganglia.svn.sf.net/viewvc/ganglia/trunk/gexec/authd. See the Ganglia SourceForge page for more.

Version  Release Date  Source              RPM(s)                                               SRPM
v0.2.3   06.04.2008    authd-0.2.3.tar.gz  authd-0.2.3-1.i386.rpm                               authd-0.2.3-1.src.rpm
v0.2.2   09.14.2004    authd-0.2.2.tar.gz  authd-0.2.2-1.i386.rh9.rpm, authd-0.2.2-1.i386.rpm   authd-0.2.2-1.src.rpm
v0.2.1   04.29.2002    authd-0.2.1.tar.gz  authd-0.2.1-1.i386.rpm, authd-0.2.1-1.ia64.rpm       authd-0.2.1-1.src.rpm
v0.2.0   03.19.2002    authd-0.2.0.tar.gz  authd-0.2.0-1.i386.rpm
v0.1     03.11.2002    authd-0.1.tar.gz    authd-0.1-1.i386.rpm

ChangeLog

Documentation

Installing authd (from source or via the RPM) on a cluster of machines involves three steps:

  1. Generation of a cluster-wide RSA public/private key pair:

    foo# openssl genrsa -out auth_priv.pem
    foo# chmod 600 auth_priv.pem
    foo# openssl rsa -in auth_priv.pem -pubout -out auth_pub.pem

  2. Distribution of the cluster-wide RSA public/private pair (on each node, say bar1, bar2, ...):

    foo# scp auth_priv.pem bar1:/etc/auth_priv.pem
    foo# scp auth_pub.pem bar1:/etc/auth_pub.pem
    foo# scp auth_priv.pem bar2:/etc/auth_priv.pem
    foo# scp auth_pub.pem bar2:/etc/auth_pub.pem
    foo# ......

  3. Installing the RPM (on each node, say bar1, bar2, ...):

    bar1# rpm -ivh authd-0.2.3-1.i386.rh9.rpm
    bar2# rpm -ivh authd-0.2.3-1.i386.rh9.rpm
    bar3# ......

The RPM installation/uninstallation handles the installation/uninstallation of the software and the starting/stopping of the authd daemon. Once the cluster public/private key pair and the authd RPM are installed on all nodes, the installation is done and authd should be running everywhere.
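Because every node holds a copy of the cluster-wide private key, it is worth auditing each node after steps 1 and 2. The following check is an added example, not part of authd or its RPM: the function names are hypothetical, the default paths are the /etc locations from step 2, and it assumes GNU stat and the openssl command are available on the node.

```shell
#!/bin/sh
# Added example: audit the authd key files on one node (not authd's own code).

# Print the octal permission bits of a file (GNU stat, as found on Linux nodes).
file_mode() {
    stat -c '%a' "$1"
}

# Succeed only if the private key is accessible to its owner alone
# (600 as set in step 1, or the stricter read-only 400).
check_priv_mode() {
    mode=$(file_mode "$1") || return 2
    case "$mode" in
        600|400) return 0 ;;
        *) echo "FAIL: $1 has mode $mode, expected 600" >&2; return 1 ;;
    esac
}

# Succeed only if the public key file is the public half of the private key.
# Both keys are re-encoded by openssl so formatting differences do not matter.
check_pair_matches() {
    derived=$(openssl rsa -in "$1" -pubout 2>/dev/null) || {
        echo "FAIL: cannot read RSA private key $1" >&2; return 2; }
    expected=$(openssl rsa -pubin -in "$2" -pubout 2>/dev/null) || {
        echo "FAIL: cannot read RSA public key $2" >&2; return 2; }
    [ "$derived" = "$expected" ] || {
        echo "FAIL: $2 does not match $1" >&2; return 1; }
}

# Run both checks, then print a SHA-256 fingerprint of the public key so the
# output of different nodes can be compared to confirm they share one key pair.
audit_authd_keys() {
    priv=${1:-/etc/auth_priv.pem}
    pub=${2:-/etc/auth_pub.pem}
    check_priv_mode "$priv" || return 1
    check_pair_matches "$priv" "$pub" || return 1
    fp=$(openssl rsa -pubin -in "$pub" -pubout -outform DER 2>/dev/null |
         openssl dgst -sha256 | awk '{print $NF}')
    echo "OK $fp"
}
```

Running audit_authd_keys as root on each node should print the same "OK" fingerprint everywhere; a FAIL line or a differing fingerprint points to a node whose key files need to be redistributed or re-protected.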

License

BSD license.

Feedback

Send questions, comments, bugs to Brent Chun.

You might also be interested in authd's web page on freshmeat.

