Authentication questions
G. Blake Meike
bmeike at openmobileww.com
Tue Feb 21 08:39:57 PST 2012
Great explanation, Simon. Thx.
... I think I've even seen a bug, around, describing the incorrect use of the monotonic timescale...
Guess I need to read up on credential passing.
-blake
On Feb 21, 2012, at 8:26 AM, Simon McVittie wrote:
> On 21/02/12 15:39, G. Blake Meike wrote:
>> - When I attempt to authenticate with my system's session bus, I am
>> offered ANONYMOUS as a legal authentication mechanism. It appears,
>> though, that if I use it, the server immediately drops the connection
>> once I send BEGIN.
>
> I believe this may mean that the anonymous pseudo-user is authenticated
> (trivially: you don't need to do anything to prove that you are the
> anonymous pseudo-user), but unauthorized (it may not connect: only the
> Unix/Windows user who owns the session may do that).
>
> See, for instance, RFC 4422 "Simple Authentication and Security Layer
> (SASL)" §2 "Identity Concepts" for the difference between authentication
> and authorization.
>
>> and, btw, is
>> there a way to make the server accept the (totally unsafe) ANONYMOUS
>> authentication mechanism?
>
> Yes, although possibly only by modifying the source code.
>
>> - When I look at the timestamps in the file
>> .dbus-keyring/org_freedesktop_general, for instance, they do not seem
>> to be, as the spec suggests, UTC seconds since the epoch. They seem
>> to be off by a factor of about 1200.
>
> It's possible that they're incorrectly using the system's monotonic
> timescale (seconds of real-time since an arbitrary time, not counting
> time during which the system was suspended, and continuing to "tick
> upwards" even if the system's clock is corrected). That'd be a bug,
> albeit one that doesn't necessarily affect many users.
>
> (Most users of D-Bus are on Linux or FreeBSD systems where
> credentials-passing works, so they don't have to use DBUS_COOKIE_SHA1
> and can use EXTERNAL authentication instead; most of the remaining users
> aren't trying to share a session bus across multiple machines, which is
> the only reason why the timestamp should be consistently
> seconds-since-epoch.)
>
> S
G. Blake Meike | OpenMobile WorldWide Inc. | bmeike at openmobileww.com |
T:617 440 3500 x104 | Skype:bmeike-openmobile | F:617 440 3501 |
Twitter:openmobileww | www.openmobileww.com
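
An added example, not part of the original messages: a small audit of a DBUS_COOKIE_SHA1 keyring file that flags creation times which cannot be seconds since the epoch, the symptom discussed in this thread. It assumes the keyring line format given in the D-Bus specification (cookie ID, creation time, hex-encoded cookie); the thresholds, the epoch floor and the sample data are constructed for illustration.

```python
from typing import NamedTuple

# Assumptions for this example, not values taken from the D-Bus source:
EPOCH_FLOOR = 1136073600  # 2006-01-01 UTC; anything earlier is not a real creation time
MAX_AGE = 300             # seconds a cookie is treated as usable
MAX_FUTURE = 300          # tolerated clock skew into the future

# Constructed sample keyring and a constructed "now" (UTC seconds since the epoch).
SAMPLE_NOW = 1329842397
SAMPLE_KEYRING = """\
1186405232 1329842300 a1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d4e5f60718
752910391 1329840000 00112233445566778899aabbccddeeff0011223344556677
20461032 1108201 ffeeddccbbaa99887766554433221100ffeeddccbbaa9988
99123 1329850000 0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a6978
garbage
"""

class Cookie(NamedTuple):
    cookie_id: int
    created: int
    secret: bytes

def parse_keyring(text):
    """Return (cookies, bad_line_numbers); malformed lines are reported, not guessed at."""
    cookies, bad = [], []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts:
            continue
        try:
            if len(parts) != 3:
                raise ValueError("expected 3 fields")
            cookies.append(Cookie(int(parts[0]), int(parts[1]), bytes.fromhex(parts[2])))
        except ValueError:
            bad.append(n)
    return cookies, bad

def classify(created, now):
    if created < EPOCH_FLOOR:
        return "not-epoch"  # e.g. a monotonic/uptime value written by mistake
    if created - now > MAX_FUTURE:
        return "future"
    if now - created > MAX_AGE:
        return "expired"
    return "current"

def audit(text, now):
    cookies, bad = parse_keyring(text)
    return {c.cookie_id: classify(c.created, now) for c in cookies}, bad

if __name__ == "__main__":
    print(audit(SAMPLE_KEYRING, SAMPLE_NOW))
```

A "not-epoch" result on a locally generated keyring matches the monotonic-clock explanation above; it matters mainly when the keyring is shared between machines whose uptimes differ.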