Re: authentication (SRP*, DH, TLS)



gmu2006@xxxxxxxxx writes:
> I'm working on a commercial product which was ported from
> win32 to GNU/Linux. While doing so we have used TCP/IP
> sockets instead of Named Pipes for IPC. By doing so
> we've lost the big advantage of having DACLs set on the
> named pipes that prevent unauthorized access to the
> services.
> Now I'm trying to recreate that with the tcp sockets version.
> Because of the performance hit we can't use TLS which
> checks client+server certificates for preventing MITM.
>
> After evaluating the possibilities I've come to the conclusion
> that SRP-6 could be a possible solution.

I don't think SRP6 will be that much faster than TLS.

If you were using named pipes before, it sounds like the client and
server are on the same machine. Is there some reason you don't use
AF_UNIX sockets instead of AF_INET (i.e. TCP)? AF_UNIX sockets offer
some authentication mechanisms that might do what you need, though
probably not the same as Windows DACLs. See the socket docs for
"ancillary messages".
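
The AF_UNIX credential check suggested in the reply above, as an added example that is not part of the original post. It assumes Linux (SO_PASSCRED / SCM_CREDENTIALS); the function names and the uid allow list are hypothetical.

```python
import os
import socket
import struct

UCRED = struct.Struct("iII")  # Linux struct ucred: pid, uid, gid

def enable_passcred(sock):
    # Ask the kernel to attach SCM_CREDENTIALS to every message received here.
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)

def recv_with_creds(sock, bufsize=4096):
    """Return (data, (pid, uid, gid)); creds is None if none were delivered."""
    data, ancdata, flags, _ = sock.recvmsg(bufsize, socket.CMSG_SPACE(UCRED.size))
    if flags & socket.MSG_CTRUNC:
        return data, None  # control data was cut off: treat as unauthenticated
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            return data, UCRED.unpack(cdata[:UCRED.size])
    return data, None

def handle_request(sock, allowed_uids):
    """Serve one request only if the kernel-supplied sender uid is allowed."""
    data, creds = recv_with_creds(sock)
    if creds is None or creds[1] not in allowed_uids:
        return b"DENIED"
    return b"OK " + data

def demo(allowed_uids):
    # Constructed sample: a connected AF_UNIX pair stands in for client and server.
    server, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with server, client:
        enable_passcred(server)  # must be set before the client sends
        client.sendall(b"status")
        return handle_request(server, allowed_uids)

if __name__ == "__main__":
    print(demo({os.getuid()}))      # caller's own uid is on the allow list
    print(demo({os.getuid() + 1}))  # allow list without the caller's uid
```

The pid, uid and gid are filled in by the kernel rather than taken from the message payload, so the server decides access from them without any key exchange on the wire.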