netAuth enables the owner of a process to be
changed upon successful network authentication.
Authentication is implemented as follows:
- the server system administrator must enable UBNS
change-of-ownership by specifying the netAuthenticate privilege
for the service.
- the client process requests the OS to create a connection
and a time-limited, connection-specific,
digitally signed authenticator [31].
- the server process explicitly requests the OS
to perform network authentication.
The user authentication is only usable by the designated server process
(it is non-transferable).
This mechanism requires that the client-side system administrator
enable the client to use netAuth authentication, and
the server-side administrator provide the netAuthenticate privilege.
As we shall see, application code changes to support authentication
are trivial on both client and server sides.
Because public key signatures are used for authentication,
the log containing these signed exchanges proves that the
client requested user authentication.
This property helps both to debug the mechanism and to ensure
that even the server administrator cannot fake a user authentication.
Lastly, since no passwords are used over the network,
this scheme is impervious to password-guessing attacks.
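The checks implied by the three steps above can be sketched as follows. This is an added example, not code from the paper or from the netAuth implementation: the authenticator layout, the field and function names, the connection string format and the use of Ed25519 are all assumptions, since the text only states that the authenticator is time-limited, connection-specific and digitally signed.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

// Authenticator: hypothetical layout; every field is covered by the signature.
type Authenticator struct {
	User, Conn, Service string // Conn names one connection; Service is the designated server
	Expires             int64  // Unix seconds
	Sig                 []byte
}

func (a Authenticator) payload() []byte {
	return []byte(fmt.Sprintf("%q|%q|%q|%d", a.User, a.Conn, a.Service, a.Expires))
}

// Issue models the client OS signing the binding with the client host's private key.
func Issue(priv ed25519.PrivateKey, user, conn, svc string, now time.Time, ttl time.Duration) Authenticator {
	a := Authenticator{User: user, Conn: conn, Service: svc, Expires: now.Add(ttl).Unix()}
	a.Sig = ed25519.Sign(priv, a.payload())
	return a
}

// Verify models the server OS check, run only when the server process requests it.
func Verify(pub ed25519.PublicKey, a Authenticator, conn, svc string, now time.Time) (string, error) {
	switch {
	case !ed25519.Verify(pub, a.payload(), a.Sig):
		return "", errors.New("bad signature")
	case now.Unix() > a.Expires:
		return "", errors.New("authenticator expired")
	case a.Conn != conn || a.Service != svc:
		return "", errors.New("bound to another connection or service")
	}
	return a.User, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // throwaway key pair for the demo
	now := time.Unix(1210636800, 0)          // constructed timestamp
	a := Issue(priv, "alice", "10.0.0.5:40112->10.0.0.9:993", "imapd", now, 30*time.Second)
	fmt.Println(Verify(pub, a, a.Conn, "imapd", now))                         // same connection
	fmt.Println(Verify(pub, a, "10.0.0.7:51000->10.0.0.9:993", "imapd", now)) // moved to another connection
	fmt.Println(Verify(pub, a, a.Conn, "imapd", now.Add(time.Minute)))        // presented after expiry
}
```

Because the signature covers the user, connection, service and expiry together, a logged authenticator can be re-verified later against the client host's public key, which is the property the text relies on for auditability.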
Manigandan Radhakrishnan
2008-05-13