User access control

Currently JNode has no user access control whatsoever.
I think this needs to change and users need to identify themselves before they can gain access to JNode. In other words they need to log on.

Since I think passwords are really outdated, I do not want to use them. Every computer user has just too many passwords and there is this whole mess of password changing policies etc. Let's avoid this in JNode.

Since security is very important, I propose to use a hardware device for user identification. E.g. a USB smartkey could be used, but devices like eye readers or fingerprint readers should work.
The interesting part of a USB smartkey is that you can store data on it, so it can serve as an identification mechanism, but also as a place to store personal settings.

So what do you all think?
Ewout

Auth

Passwords are a necessity as they are the only simple authentication mechanism that does not require any fancy hardware and is compatible with all computers, as it's a software solution. Though, passwords should be the most primitive 'fallback' auth, and any method of having a more secure means should be made available.

As for should home users have passwords... yes and no. The root users should _always_ have a means of auth as any 13 year old kid will be hacking the boxes if it doesn't have any auth.

What about a solution like PAM (Pluggable Authentication Modules)? I worked with them in Linux some time ago, but I'd need to refresh myself on their specifics. The basic idea was that with some added software modules and configuration files you have very fine grained control of every form of authentication with every application, not just the system logon.

I would recommend for a simple start though, to allow testing of multiuser access (ssh tunnels and such), have a simple one-way hash passwd DB.

what are you thinking ???

people, what are you thinking about ???

ALL kinds of OS NEED USER ACCESS CONTROL

what is that, HARDWARE DEVICES ?? or other shi....

people, do you try to generalize your work or is it only you who use it ????

there are some places where there are no USB ports, floppy drives, and other kinds of peripherals, only mouse, keyboard, and a network to navigate the web
the people who would use it because they want to, I mean the hardware device, are far, far fewer than the others who don't want to use those things, and this kind of people want to use a normal access control system
similar to the Linux version, Windows and the others

hardware device ?? hmmm

and sorry for my English

let the admin choose its policy :)

I think it's better to let the administrator who will install JNode choose the policy that (s)he prefers. Here are the choices:

- no user access control: that's the situation actually in JNode (it is only single user for now)
- classic access: with a login and a password (like in Windows, Linux, ...)
- secured environment: use of biometric media (eye readers, fingerprint readers ...), USB key, magnetic card reader

Anyway, I don't expect to have a multiuser environment before next year. So, the access control will come after.

Fabien

my blog (in english and french)

How about some kind of authority key ?

What about using a digital signature to identify the user? The public keys can be loaded into the JNode key database, and once the user logs in, it can search for the digital signature on the key perhaps? (or floppy disc, or some kind of network transport mechanism).

Perhaps even a challenge-response protocol, thereby eliminating the possibility of the key being intercepted via the internet (perhaps once the digital signature is identified, a pass phrase could be generated by JNode, which is then encrypted by the user's secret key and sent back, thereby identifying that the user is the correct user).

This could be done automatically using a utility, or manually, whichever the user prefers.

I think with the plugin architecture it should also be possible to use some kind of password identification plugin, if only for testing, or for those users who do not want the added security of using digital signatures, or hardware identification.

Matt.
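The challenge-response login sketched in the post above, as an added Java example (not part of the original post and not JNode code). It assumes an ECDSA signature over a fresh random challenge in place of the "pass phrase encrypted by the user's secret key"; the class name, the user `alice` and the in-memory key database are hypothetical.

```java
import java.security.*;
import java.util.*;

public class ChallengeResponseLogin {
    private final Map<String, PublicKey> keyDb = new HashMap<>();   // user -> enrolled public key
    private final Map<String, byte[]> pending = new HashMap<>();    // user -> outstanding challenge
    private final SecureRandom rng = new SecureRandom();
    void enroll(String user, PublicKey key) { keyDb.put(user, key); }

    /** Step 1 (system): issue a fresh random challenge for this login attempt. */
    byte[] challenge(String user) {
        byte[] nonce = new byte[32];
        rng.nextBytes(nonce);
        pending.put(user, nonce);
        return nonce.clone();
    }

    /** Step 2 (user's key holder): sign the challenge; the private key is never transmitted. */
    static byte[] respond(PrivateKey key, byte[] nonce) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        s.update(nonce);
        return s.sign();
    }

    /** Step 3 (system): check the signature against the enrolled public key. */
    boolean verify(String user, byte[] signature) throws GeneralSecurityException {
        byte[] nonce = pending.remove(user);   // single use: a captured response cannot be replayed
        PublicKey key = keyDb.get(user);
        if (nonce == null || key == null) return false;
        Signature v = Signature.getInstance("SHA256withECDSA");
        v.initVerify(key);
        v.update(nonce);
        try { return v.verify(signature); } catch (SignatureException malformed) { return false; }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair alice = gen.generateKeyPair(), other = gen.generateKeyPair();   // constructed keys
        ChallengeResponseLogin jnode = new ChallengeResponseLogin();
        jnode.enroll("alice", alice.getPublic());
        byte[] sig = respond(alice.getPrivate(), jnode.challenge("alice"));
        System.out.println("valid response: " + jnode.verify("alice", sig));
        System.out.println("same response replayed: " + jnode.verify("alice", sig));
        byte[] forged = respond(other.getPrivate(), jnode.challenge("alice"));
        System.out.println("signed with another key: " + jnode.verify("alice", forged));
    }
}
```

Only the public key is stored on the system, so reading the key database does not let anyone log in as the user.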

Modern OSs need user access control

Why not look into JAAS? As I understand the javax.security.auth.spi.LoginModule, the mechanism to authenticate a user depends totally on the individual implementation (USB-Stick or plain old password).

http://java.sun.com/products/jaas/overview.html

If we provide an empty implementation which does an automatic logon to the root account, we would not bother home users.

JAAS is ok, Automatic Root Login is not ok

Using JAAS is a good idea but I don't think users should be logged in as root or administrator by default.

There should be a root account set up by default, but users should be working under an account with limited privileges (that is also set up by default). I.e. the user account should not be able to install plugins etc., since users logged in as administrator by default are at great danger when e.g. opening email attachments with worms etc.

When an action is to be done that requires administrator privileges, a dialog should pop up to ask the user if he wants to switch to the root account now for this single action. This switch might be initiated by applications using an API or automatically, but finally the user decides to do the switch or to abort. It is even possible to switch to the root without having to enter a password. Of course you are free to define a password or another credential to limit access to trusted persons only.

Sebastian
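How the JAAS pieces named in the two posts above fit together, as an added example that is not part of the thread and is not JNode code. `JaasSketch`, `DemoLoginModule`, `User`, the application name `jnode-demo` and the `proof` option are hypothetical, the credential check is a constructed stand-in for a real mechanism, and Java 17 or later is assumed.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class JaasSketch {
    record User(String name) implements Principal { public String getName() { return name; } }
    /** Hypothetical module: login() holds the mechanism; commit() attaches a plain user, not root. */
    public static class DemoLoginModule implements LoginModule {
        private Subject subject; private CallbackHandler handler;
        private Map<String, ?> options; private String verified;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            subject = s; handler = h; options = opts;
        }
        public boolean login() throws LoginException {
            NameCallback name = new NameCallback("user");
            PasswordCallback proof = new PasswordCallback("proof", false);
            try { handler.handle(new Callback[] {name, proof}); }
            catch (Exception e) { throw new LoginException(e.toString()); }
            char[] got = proof.getPassword();   // constructed check; a real module verifies a key or hash
            if (got == null || !new String(got).equals(options.get("proof")))
                throw new FailedLoginException("bad credential");
            verified = name.getName();
            return true;
        }
        public boolean commit() { return verified != null && subject.getPrincipals().add(new User(verified)); }
        public boolean abort() { verified = null; return true; }
        public boolean logout() { return subject.getPrincipals().removeIf(p -> p instanceof User); }
    }
    static Subject logIn(String user, String proof) throws LoginException {
        var entry = new AppConfigurationEntry(DemoLoginModule.class.getName(),
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of("proof", "constructed-demo-proof"));
        Configuration cfg = new Configuration() {   // stands in for the administrator's JAAS config file
            public AppConfigurationEntry[] getAppConfigurationEntry(String app) {
                return new AppConfigurationEntry[] {entry};
            }
        };
        CallbackHandler ui = cbs -> {               // stands in for the logon prompt or key reader
            for (Callback cb : cbs) {
                if (cb instanceof NameCallback n) n.setName(user);
                if (cb instanceof PasswordCallback p) p.setPassword(proof.toCharArray());
            }
        };
        LoginContext ctx = new LoginContext("jnode-demo", new Subject(), ui, cfg);
        ctx.login();                                // runs login() then commit() on every configured module
        return ctx.getSubject();
    }
    public static void main(String[] args) throws Exception {
        System.out.println(logIn("alice", "constructed-demo-proof").getPrincipals());
        try { logIn("alice", "wrong"); } catch (FailedLoginException e) { System.out.println("rejected"); }
    }
}
```

The caller in `logIn` never sees how the credential is checked, so replacing the module named in the configuration entry changes the mechanism without touching the calling code.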

Home users don't need access control

I think most home users don't need any access control at all. Their computers are mostly shared among the whole family and accounts are only used for personalization, not to protect anything, if the whole family isn't simply using one account.

For corporate users a smartkey may be very interesting, but I worry it may hinder adoption. At least for getting started with JNode users should be able to use passwords (e.g. until they got their smartkey).

Another solution that might help circumvent the too-many-passwords problem might be to use a federated identity mechanism like the one the Liberty Alliance ( http://www.projectliberty.org/ ) is working on. I think this mechanism allows to share an account across multiple sites.

Sebastian

Re: Access Control Not Needed in Homes

I disagree. Access control also allows people to secure their personal user profile and files besides ensuring only authorized users get access to a system - A LOT of people use it, I assure you!

Cody A.W. Somerville

Home users DO need access control

I'm a home user and a corporate user, but I do not want my daughter to be able to access my banking information or my JNode account for that matter.

Ewout

Maybe ...

Ok, there may of course be situations where home users need access control. But I think they are not often using it.

E.g. for your online banking account you will normally get a separate login from your bank. In order to protect your online banking data you don't need access control, unless you save your online-banking password in your browser. In this case you should use access control to protect your browser's password store, of course.

But even then users might conclude they don't need to use access control, as long as they can trust their friends / relatives visiting them.

Naturally this case is limited to private desktop and mobile computers. E.g. it might not be that bad if someone loses his personal laptop, at least not compared to loss of a business laptop. Ok, the person loses all his email, games, documents and music stored on his PC. But as long as he doesn't store his online banking login data in the browser nobody will be able to steal money from him.

The loss of his collected information (email, documents, games, licenses etc.) will hurt much more than knowing that someone may be sitting in the subway reading out loud from the email he sent to his grandma.

Of course, everything changes when we're talking about commercial users having commercially exploitable secret information stored on their computers.

Sebastian