authd - authentication server daemon
tcpuid, tcpuname - find out which user owns a connection
authuser - remote authentication library

authd is an implementation of RFC 931, the Authentication Server under
BSD. RFC 931 provides the name of the user owning a TCP connection. This
helps network security: unless TCP itself is compromised, it is
impossible to forge mail or news between computers supporting RFC 931.
It also becomes much easier to trace attackers than in the current,
largely anonymous, network. authd requires no changes to current code:
every connect() and accept() is authenticated automatically, with no
loss of efficiency.

tcpuid and tcpuname are the same program, but more suitable for local
use from the command line by a user or system administrator. They show
which local user created a given TCP connection.

authuser is a library encapsulating client use of RFC 931. It talks to a
remote Authentication Server to find out the username on the other side
of a given connection.

Only root can install authd. However, most current systems are insecure
enough that any user can run tcpuid and tcpuname. authuser is meant for
use by any program.

authd version 3.01, February 7, 1991.
Placed into the public domain by Daniel J. Bernstein.

Some of the code in authd was inspired by code written by Vic Abell,
abe@mace.cc.purdue.edu, for the ofiles program.

Organization of README:
1. Files
2. Requirements
3. How to configure authd
4. How to compile authd
5. How to install authd
6. TODO list


1. Files

README       this file
FORMLETTER   form letter to send to the author
FILES        file list
INSTALL      friendly installation script
CHANGES      description of changes since first distributed version
Makefile     compilation commands
authd.c      the authd program
authuser.h   the authuser include file
authuser.c   the authuser library
authd.8      documentation for authd
tcpuid.8     documentation for tcpuid
tcpuname.8   documentation for tcpuname
authuser.3   documentation for authuser
test.c       program to test authuser and authd
netstatuid   shell script to test tcpuname
rfc931       RFC 931, Authentication Server


2. Requirements

authd requires netstat, and it pokes around in several BSD-specific
kernel structures. It is not inherently portable code. Nevertheless, it
has been compiled under Ultrix, SunOS, and Convex UNIX, and it probably
doesn't take much work to get running under pretty much any BSD system.
authuser should compile and run without trouble on any BSD system.

You must be root to install authd. However, authd's sister utilities,
tcpuid and tcpuname, will probably work anyway if /dev/kmem is readable.
Any program can use the authuser library.

authd and authuser have been reported to work on the following systems.

Sun 2/170, SunOS 4.0
Sun 4/280, SunOS 4.0.3
Sun 3/160, SunOS 4.1
Sun 3/180, SunOS 4.1
DECsystem-5820, Ultrix 4.0
DECStation-5400, Ultrix 4.1
VAX 8650, Ultrix 4.1
VAX (?), BSD 4.3
Convex C210, Convex UNIX 8.0
    no kmem group---authd/tcpuid/tcpuname only work as root

If your machine isn't in this list, and you get the programs working,
*please* send a note to me at brnstnd@nyu.edu on the Internet describing
what you had to do to make the programs compile. (Of course, please also
let me know if you have trouble, or if you have comments, questions, or
suggestions.) I'd rather be flooded with reports and be able to compile
a more comprehensive list than have no feedback because everyone assumes
someone else has talked to me first. Use FORMLETTER if you want.

Thanks for being a good sport.


3. How to configure authd

Either authd.c has the right magic to compile and run on your system, or
it doesn't. In the first case you don't have to configure anything, and
in the second case automatic configuration would be pretty much
hopeless. (If authd doesn't compile, you might try sending me the
compiler output to see if I can figure out how to make it work on your
machine.) The authuser library should compile without trouble in any
case.

You can change CC or CCOPTS in Makefile if you want.

If you want authd to record connections through syslog at LOG_DEBUG,
define -DUSE_SYSLOG in the Makefile.


4. How to compile authd

Just make. This will create authd, tcpuid, tcpuname, authuser.o, and
test.


5. How to install authd

If you don't have privileges, skip this part.

By default, authd, tcpuid, and tcpuname are installed in /etc,
authuser.o is installed as /usr/lib/libauthuser.a, authuser.h is
installed in /usr/include, authuser.3 is installed in /usr/man/man3, and
authd.8, tcpuid.8, and tcpuname.8 are installed in /usr/man/man8. The
binaries are installed setgid to group kmem.

If you want to change these defaults, edit INSTALL. Then run INSTALL in
a root shell; the script will check every action with you before doing
it.

To test tcpuname, make sure it is in your path, and run netstatuid. You
should get a report of all active network connections including
usernames.

To test authuser and authd, run ./test. You should get an ``everything
looks okay'' message.


6. TODO list

fast multiple-connection version of tcpuid/tcpuname, like netstatuid?
should write a few notes on the exact security provided by rfc 931
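

Added example, not part of the authd distribution: a sketch of the
reply-side checks a client of an RFC 931 server has to make before it
uses or logs the returned username. parse_ident_reply and its result
names are hypothetical, the reply layout follows RFC 931, and the sample
reply in main is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Result names are this example's own, not part of authuser. */
enum ident_result { IDENT_USERID, IDENT_ERROR, IDENT_MALFORMED, IDENT_MISMATCH };

/* Parse "<port> , <port> : USERID : <opsys> : <user-id>" or
 * "<port> , <port> : ERROR : <error-type>". want_a/want_b are the ports
 * sent in the query. On IDENT_USERID or IDENT_ERROR, out holds the user id
 * or error type exactly as the remote host claimed it. */
enum ident_result parse_ident_reply(const char *line, unsigned want_a,
                                    unsigned want_b, char *out, size_t outlen)
{
    unsigned a, b;
    char kind[8], rest[128];
    const char *val = rest;
    size_t i, n;

    if (sscanf(line, " %5u , %5u : %7[A-Z] : %127[^\r\n]", &a, &b, kind, rest) != 4
        || a < 1 || a > 65535 || b < 1 || b > 65535)
        return IDENT_MALFORMED;
    if (a != want_a || b != want_b)   /* reply names another connection */
        return IDENT_MISMATCH;
    if (strcmp(kind, "USERID") == 0) {
        if ((val = strchr(rest, ':')) == NULL)   /* end of <opsys> */
            return IDENT_MALFORMED;
        val++;
    } else if (strcmp(kind, "ERROR") != 0) {
        return IDENT_MALFORMED;
    }
    val += strspn(val, " ");
    n = strlen(val);
    if (n == 0 || n >= outlen)        /* reject rather than truncate */
        return IDENT_MALFORMED;
    for (i = 0; i < n; i++)           /* keep control bytes out of logs */
        if (val[i] < 0x20 || val[i] > 0x7e)
            return IDENT_MALFORMED;
    memcpy(out, val, n + 1);
    return kind[0] == 'U' ? IDENT_USERID : IDENT_ERROR;
}

int main(void)
{
    char who[32];   /* the reply below is constructed sample input */
    if (parse_ident_reply("6191 , 23 : USERID : UNIX : alice\r\n", 6191, 23,
                          who, sizeof who) == IDENT_USERID)
        printf("remote host claims user %s\n", who);
    return 0;
}
```

The name that comes back is whatever the remote host's Authentication
Server asserts, so it is only as trustworthy as that host.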