[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NFS implementation details

    Date: Wed, 22 Feb 89 16:52 EST
    From: pc@ctt.ctt.bellcore.com (Peter Clitherow)

    Is there someone with knowledge about NFS protocols?  (Anyone from ILA
    read this list?)  I had originally directed the question below to the
    comp.unix.wizards and comp.sys.sun newsgroups, but having less than
    complete response there, i thought i'd try this avenue.

    Presumably, the NFS code ILA wrote interfaces to ypservers in some
    fashion, so someone up there must know the details of the protocols...

    From: pc@ctt.bellcore.com (Peter Clitherow)
    Newsgroups: comp.unix.wizards, comp.sys.sun
    Subject: yppasswd on SUNs.
    Sender: pc@ctt.bellcore.com (Peter Clitherow)
    Reply-To: pc@ctt.bellcore.com (Peter Clitherow)
    Distribution: usa
    Organization: Bellcore - Weird Ideas Factory
    Keywords: port-mapper, yppasswd

    I have a need to develop a yppasswd interface for a non-SUN machine
    (specifically, a LISP Machine), and not being a Unix or SUN wizard,
    cannot find where the details of the yppasswd protocol is documented.
    Can some kind soul enlighten me?  I believe, that if i ask on TCP/UDP
    socket 111 (port mapper) for the socket that yppasswd uses, then i can
    use this to authenticate a login from a yp server of some kind.

    Or is there an easier way to do all this?

Passwords in UNIX are checked by login, not yppasswd.  login checks passwords
by encrypting them and checking them against the encrypted password found in
either /etc/passwd or by looking up a user in the passwd.byname yellow pages
map.  yppasswdd doesn't come into this.

If you wanted to do UNIX style password checking on a lisp machine you have to
do a bit of work, and the result will be only a marginal security increase,
since anyone can redefine any of your functions and circumvent any access

In order to talk to yellow pages, you will have to either buy ILA-NFS or write
you own Lisp Machine implementation of Sun's RPC protocols.  I suggest reading
DOD internet RFCs 1014 and 1057 for a specification of Sun's RPC protocol.
Then look in the sun doc or source for the the specification of Yellow Pages
as an RPC "program", probably in the network programming section.  I estimate
it would take one man-month if you wanted to implement it from scratch.

You could save that man-month by using ILA-NFS.  Then you can talk directly to
a yellow pages server through the stubs that it uses.  Look in the sun doc or
source for the specification of Yellow Pages as an RPC program, and then look
in the file sys:nfs;rpc-utilities.lisp for how nfs talks to Yellow pages.  For
example, to lookup the encrypted password for a username, you just call
(nfs::username-password host username).

Either way you would still have to write a lisp machine implementation of
crypt, since you will have to encrypt a password to check it against the data
in the passwd database. This isn't trivial, since it essentially is equivalent
to writing a DES for the lisp machine.  The time this would take varies a lot
depending on your familiarity with DES and how good a lisp hacker you are.
Could be a day or two to a month.

An alternative to doing all this is by just having the UNIX REXEC server do
your password checking for you, by just REXECing some dummy command.  Since
UNIX REXEC requires a password, you can get a password checked by just trying
out something trivial, and if it succeeds, you know the password is good.
Meta-point unix-rexec in ZMACS to see the source to an attempt to access
remote tape drives through UNIX REXEC.  Use that as a starting point for a
password checking program.  This is a good solution because the amount of work
you put into it would be more in line with the amount of security you might
get out of it.