On Thu, Sep 22, 2005 at 03:42:03PM +0100, Thomas Leonard wrote:
> Added. I put "Non-root install of system" as "No", as I don't think you
> can use it on any normal default Linux install (i.e, a typical Linux
> user can't use Konvalo without having root access).
it is fair to write "no" in the current reality where Coda client
is not running on an average default installation. Otherwise
Konvalo itself has no relation to the host (and its superuser).
> Could you explain the security system in more detail? I don't quite
> understand coda's system (clog authenticates clients, doesn't it?).
Each user normally has a Coda token for each Coda realm she accesses.
The tokens are to be acquired in advance, by the clog command, and are valid
usually for about 24 hours.
One of the modes of clog is to use an ssl connection to fetch an
"anonymous" token without having an account at the corresponding realm.
At that step the user explicitely verifies the authenticity of the realm
by using a corresponding public key.
Software is as trustworthy as the Coda realm which offers it.
For the moment it is not possible to "mirror" software offered via
Konvalo, and it is unclear whether there will be a real need for that
(or may be that can be totally delegated to the filesystem's internal
optimizations, like (hypothetical) inter-client cache sharing).
So, no need for signing programs themselves.
> Unfortunately, code-client won't install at the moment so I can't test
> it :-(
Do you mean http://www.konvalo.org/pub/coda-client-setup ?
It should work virtually everywhere, except for older or 64-bit Linux kernel.
(I know of one exception - RedHat Enterprise Linux does not include Coda
kernel module, but that's a bug in RHEL).
> - If konvalo.org was using digital signatures, could a user on a clean
> (but coda-enabled) system access it securely without needing root
> - If they could, would this affect other users? How do users decide
> whether to trust a particular key?
A user decides to trust a certain Coda realm, fetches its public key
certificate and stores it somewhere in her home directory, also instructing
clog to fetch the realm's token by default. The latter implies editing
Then each "clog" will renew the token for that realm.
Not used yet in practice, though.