netAuth enables the owner of a process to be
changed upon successful network authentication.
Authentication is implemented as follows:
This mechanism requires that the client-side system administrator
enable the client to use netAuth authentication, and
the server-side administrator provide the netAuthenticate privilege.
As we shall see, application code changes to support authentication
are trivial on both client and server sides.
- the server system administrator must enable UBNS
change-of-ownership by specifying the netAuthenticate privilege
for the service.
- the client process requests the OS to create a connection
and a time-limited connection-specific
digitally signed authenticator5 .
- the server process explicitly requests the OS
to perform network authentication.
The user authentication is only usable by the designated server process
(it is non-transferable).
Because public key signatures are used for authentication,
the log containing these signed exchanges proves that the
client requested user authentication.
This property both helps to debug the mechanism and to ensure
that even the server administrator cannot fake a user authentication.
Lastly, since no passwords are used over the network,
this scheme is impervious to password guessing attacks.