Architecture

Figure 5: Architecture of netAuth

The design of netAuth emphasizes the separation of authentication, authorization, and cryptographic mechanisms away from the application.

The overall architecture is shown in Figure 5. Applications communicate with each other using APIs which emphasize process authentication--the one component of netAuth which must be visible to networked application code. There are two types of communications, both of which flow over an IPsec tunnel between the hosts:

• the application's protocol (or data, for performing its function) and
• the netAuth authentication information.

The authentication information is managed by two netAuth daemons--netAuthClient and netAuthServer--which perform the public key operations for user authentication but also enable the process' change-of-ownership.