Authenticated sockets

voeck · June 20, 2008, 5:23pm

Hello,

I am working on a TServerSocket based network server. Since I need some kind user authentication I am interested in authenticated sockets. But the ROOT documentation doesn’t say so much about them or I am just too blind to find it. How do I use them correctly? What kind of authentications are possible with them? Can somebody give a few hints or push me onto some documentation please?

Regards,
Sebastian

ganis · June 23, 2008, 12:57pm

Dear Sebastien,

The tutorial macros $ROOTSYS/tutorials/net/authclient.C and $ROOTSYS/tutorials/net/authserver.C contain an example of the way to setup an authenticated connection.

You can try the example directly on your machine, assuming that you have an sshd daemon running.
You need to ROOT sessions: in the first one you have to run authserver.C with, as argument, a port number:

root [0] .x authserv.C(3000)
authserv: starting a (parallel) server socket on port 3000 with authentication

In the second session you have to run ‘authclient.C’:

root [0] .x authclient.C("localhost:3000")
authclient: starting a (parallel) authenticated socket at phttp://localhost:3000 (size: 0)
Password:
authclient: auth socket: OK

On the first session you should get something like this

root [0] .x authserv.C(3000)
authserv: starting a (parallel) server socket on port 3000 with authentication
RpdUser: passwd hash not available for user ganis
RpdUser: user ganis cannot be authenticated with this method
authserv: srv auth socket: OK

The error messages indicates that the special root-dedicated password has not been setup; the applications then tried automatically to authenticate via SSH and this succeeded.

The next question is: what authentication protocol would you like to use for your application? What is available is what described in
root.cern.ch/root/Auth.html
which is an old page but still valid; I will take the occasion to clean it up, simplify it and add a section for TServerSocket.

In the meanwhile, I hope that with a few iteration we can set the thing up for you.

Finally, note that authentication in ROOT is basically available only for unix systems.

Gerri Ganis