>-----Original Message----- >From: [email protected] [mailto:opensim-dev- >[email protected]] On Behalf Of Justin Clark-Casey >Sent: Wednesday, February 25, 2009 9:18 AM >To: [email protected] >Subject: Re: [Opensim-dev] User Authentication > >Diva Canto wrote: >> Mike Mazur wrote: >>> Hi, >>> >>> On Tue, 24 Feb 2009 19:54:16 -0800 >>> Diva Canto <[email protected]> wrote: >>> >>> >>>> * Within a few days: write a simple [optional] >>>> UserAuthenticationModule along the lines of option a) that does the >>>> following: upon a NewUserConnection, regions will check with the >>>> incoming user's User server that the declared user exists and is >>>> logged into the system. >>>> >>> >>> In a grid a region can be told (via a configuration option) which >user >>> server to check. What about HG regions? How does an HG region know >>> which user server to ping? Is this information supplied by the >>> connecting client? If so, what's to prevent a malicious client from >>> supplying a user server that will always reply favorably? >>> >> The HG region sends that information along when the user moves away >from >> the home UGAIM. The user carries along the collection of URLs of all >of >> the servers it uses. It's ok if the given User Server @ foobar.com >> always says yes -- that's not the problem. The problem we need to >detect >> is the user claiming to be from Intel.com or OSGrid.org, when, in >fact, >> isn't. >> >>>> Furthermore, upon AddNewClient (which happens >>>> shortly after), regions will challenge the incoming client with 3 >UDP >>>> Ping messages having random seq numbers, to which the incoming >client >>>> must respond correctly >>>> >>> >>> How does the client know the correct response? >>> >> In fiddling with the client after talking to Teravus, I discovered a >> pair of response-reply packets that can be initiated from the server. >> They are StartPingCheck / CompletePingCheck. They take a byte as >> argument. The server sends StartPingCheck(33), the client responds >with >> CompletePingCheck(33). Handy. > >Just so I'm clear, your new scheme proposes the following steps? > >1) When a client enters a new region (whether by initial login, >teleport or region crossing), the region server will >ask the user server if the IP given by the client matches that which it >has previously stored on the user login? > >2) If these addresses match, then a further validation against spoofing >is performed by pinging the client using the >StartPingCheck. A client spoofing the address will not be able to >reply. > >-- >justincc >Justin Clark-Casey >http://justincc.wordpress.com
As long as we accept the tradeoff that some HyperGrid teleport situations will no longer work. At work here we have an internal grid, where I can access it using my IP address of 10.xxx.xxx.xxx. I also have a connection to the outside world, where my IP address is currently 134.xxx.xxx.xxx. At my previous job, we had a load balancing router that was hooked up to a T1 and two DSL lines. It was smart enough that it would maintain each of your IP (and usually) UDP sessions on a single line, but if you went to talk to a new server it would most likely put that connection on a new line. If IPv6 ever rolls out, this would prevent and HyperGridding between IPv4 and IPv6 worlds. I'm not saying +1 or -1 here, just that all of the implications of mixing IP layer internals into application layer decisions need to be taken into account. John _______________________________________________ Opensim-dev mailing list [email protected] https://lists.berlios.de/mailman/listinfo/opensim-dev
