Check out the new USENIX Web site.


Figure 5: Architecture of netAuth
Image architecture
The design of netAuth emphasizes the separation of authentication, authorization, and cryptographic mechanisms away from the application.

The overall architecture is shown in Figure 5. Applications communicate with each other using APIs which emphasize process authentication--the one component of netAuth which must be visible to networked application code. There are two types of communications, both of which flow over an IPsec tunnel between the hosts:

The authentication information is managed by two netAuth daemons--netAuthClient and netAuthServer--which perform the public key operations for user authentication but also enable the process' change-of-ownership.

Manigandan Radhakrishnan 2008-05-13