1. Introduction

1.1 About suas

Suas is a secure centralized user authentication service. It allows each suas user to authenticate over the network and securely mount his or her home directory from an NFS server. For you, this means that all users created on the suas "server" can log in on any workstation and share their home directories from the NFS server.

Suas is covered by the GNU General Public License. The current development platform is Linux/i386, but other Unix-like systems are known to work.

1.2 How does it work

The suas server is a Unix daemon that authenticates users. When a user is successfully authenticated, suas tells the NFS daemon that the user has logged into the system from the workstation, and the NFS daemon then allows the user to access the home directory. When the user logs out, suas disallows anybody from accessing the user's directory.

Suas administration is not finished yet. You must create users on the server (that is, you must log in to the server), and users cannot change their password, shell or name over the network.

You must of course change the authentication scheme on the workstations. If you are using PAM (Pluggable Authentication Modules), you can use pam_suas. If you are using login from util-linux, you can apply patches to login.c and install the new login. The last possible way to install suas support is to use suamaster with the gettys; suamaster then replaces the getty(1) program.

Suamaster is the master daemon for a workstation and manages the users working on it. Its function is simple but important: it communicates with suad, authorizes users and logs them out when their session ends. You can run suamaster in standalone mode or in getty mode. Getty mode also manages consoles and shows the "Login:" prompts. When you use suamaster in standalone mode, you must have the getty/login programs.

Suad, the suas daemon, communicates with the workstations and the NFS daemon and authorizes users. It is recommended to run this daemon on a physically secure station.

Network communication is done by a secure MD5 challenge/response. No password is sent over the insecure network in plaintext form. Suas uses TCP/IP as its transport protocol.
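
The following added example is not suas code, and this page does not document the suas wire format. It sketches a generic MD5 challenge/response in Python to show what crosses the network in such an exchange and why a captured response is useless against a fresh challenge. The construction MD5(challenge || secret), the SuadStub class and every name in it are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def make_response(challenge: bytes, secret: bytes) -> bytes:
    # Assumed construction: MD5(challenge || secret). Not taken from suas.
    return hashlib.md5(challenge + secret).digest()


class SuadStub:
    """Hypothetical stand-in for the authentication daemon."""

    def __init__(self, secrets_by_user):
        self.secrets = secrets_by_user   # user -> shared secret (bytes)
        self.pending = {}                # user -> outstanding challenge

    def issue_challenge(self, user: str) -> bytes:
        challenge = os.urandom(16)       # fresh random nonce per login attempt
        self.pending[user] = challenge
        return challenge

    def verify(self, user: str, response: bytes) -> bool:
        challenge = self.pending.pop(user, None)   # each challenge is single use
        secret = self.secrets.get(user)
        if challenge is None or secret is None:
            return False
        expected = make_response(challenge, secret)
        return hmac.compare_digest(expected, response)  # constant-time compare


def run_exchange(server, user: str, secret: bytes):
    """Workstation side. Returns (accepted, list of messages seen on the wire)."""
    challenge = server.issue_challenge(user)
    response = make_response(challenge, secret)
    wire = [user.encode(), challenge, response]
    return server.verify(user, response), wire


def replay_rejected(server, user: str, secret: bytes) -> bool:
    """Capture a valid response, then replay it against a new challenge."""
    ok, wire = run_exchange(server, user, secret)
    server.issue_challenge(user)
    return ok and not server.verify(user, wire[2])


if __name__ == "__main__":
    srv = SuadStub({"alice": b"constructed-sample-secret"})  # constructed data
    print(run_exchange(srv, "alice", b"constructed-sample-secret")[0])
    print(replay_rejected(srv, "alice", b"constructed-sample-secret"))
```

In a scheme of this shape the server must hold the shared secret (or a password-equivalent value) to compute the expected response, which is one reason to keep the daemon on a physically secure station.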
