Appendix C. Security Overview

Table of Contents
C.1. Distributing Keys and Certificates
C.2. Security Configuration and Diagnostic Tools
C.3. Secure Creation of Computer Objects

Security level selection for Caldera Volution Manager takes place during the installation and configuration of the Volution Manager Server (VM Server). There are two options for security: minimal and normal. Minimal security is suitable for most installations where users are trusted, trackable, and usually not hostile. Normal security is suitable for installations where users are not trackable or not trusted, such as in a public library.

C.1. Distributing Keys and Certificates

Volution Manager uses a simplified public key infrastructure (PKI) which is based on the confidentiality of the Volution Manager Authority key. The Volution Manager Authority key is generated (or supplied by the administrator) as part of the VM Server installation. The Volution Manager Authority key is Data Encryption Standard 3 (DES3) encoded using a password supplied by the administrator. The installation provides the option to save the Volution Authority key on a floppy.

Important: It is imperative that the integrity of the Volution Authority Key is maintained. For information on what to do if you lose your

The key is used to generate a self-signed Certificate Authority (CA) certificate that is distributed to all VM Clients and is also used to issue VM Server keys and certificates to the VM Server.

The Volution CA certificate is distributed to the VM Clients. The CA certificate is then used by the VM Clients to verify the VM Server certificate which must be signed by the Volution Authority Key. The Volution Manager CA certificate is distributed using one of the following methods:

C.2. Security Configuration and Diagnostic Tools

Volution Manager provides configuration tools that facilitate basic key generation and distribution.

The majority of Volution Manager security configuration functionality is encapsulated by a small shared library. The main function of this library is to abstract the storage and retrieval of the Volution Manager private key and the Volution Manager certificate. The library also supplies calls to generate private keys and certificates, use installed Volution keys to sign various forms of data, generate Volution certificate fingerprints, and supply miscellaneous Volution-specific key and certificate information.

C.3. Secure Creation of Computer Objects

Volution Manager uses the server-side computer creation daemon (volutionccd) to automate the process of creating computer objects. When a VM Client starts for the first time, it performs the following operations that interact with volutionccd.

On subsequent initialization, the VM Client performs the following operations:

C.3.1. Secure Software Repository

The Software Repository Daemon (referred to as the SRD; the actual daemon name is volutionsrd) monitors the SRD Source Directory for new software packages to process. When you copy software packages to the SRD Source Directory, the SRD verifies the software for authenticity and integrity. The SRD calculates an MD5 hash for each software package, signs this hash with the Volution Manager private key, and moves it along with the software package using an identifiable name (for example, myrpm.rpm.sig) to an HTTP- or FTP-reachable destination.

The next time the SRD is scheduled to check the Source Directory, volutionsrd finds the new packages and copies them to the Destination Directory, which makes them available via the HTTP (default) or FTP server. The SRD then generates a signature security file for that package and creates a package object in the Software Repository.

The VM Client uses the Volution Manager certificate (already delivered during the computer creation process) to verify the signature before installing a package.
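
The sign-then-verify flow described in this section, sketched with the OpenSSL command line as an added example. It is not Volution Manager code: the RSA detached-signature format, the function names and every file name other than myrpm.rpm.sig are assumptions.

```shell
#!/bin/sh
# Added example, not Volution Manager code. Assumes the OpenSSL CLI is installed.
# The signature format and all names except myrpm.rpm.sig are assumptions.

# Repository side: sign the package's MD5 digest with the private key.
# MD5 mirrors the page; it is collision-prone, so prefer -sha256 where possible.
srd_sign() {  # usage: srd_sign <private-key.pem> <package>
    openssl dgst -md5 -sign "$1" -out "$2.sig" "$2"
}

# Client side: check <package>.sig against the public key taken from the
# certificate delivered earlier. A non-zero exit status means "do not install".
client_verify() {  # usage: client_verify <cert.pem> <package>
    pub=$(mktemp) || return 2
    openssl x509 -in "$1" -pubkey -noout > "$pub" 2>/dev/null &&
        openssl dgst -md5 -verify "$pub" -signature "$2.sig" "$2" >/dev/null 2>&1
    rc=$?
    rm -f "$pub"
    return $rc
}

# Constructed demo: throwaway key, self-signed certificate, sample package.
demo() {
    d=$(mktemp -d) || return 2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-authority" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null || return 2
    printf 'constructed package payload\n' > "$d/myrpm.rpm"
    srd_sign "$d/key.pem" "$d/myrpm.rpm" || return 2
    client_verify "$d/cert.pem" "$d/myrpm.rpm" && echo "untampered: verified"
    printf 'extra bytes\n' >> "$d/myrpm.rpm"   # simulate modification after signing
    client_verify "$d/cert.pem" "$d/myrpm.rpm" || echo "tampered: rejected"
    rm -rf "$d"
}
demo
```

The check only protects an installation if the client refuses to proceed on any non-zero status, including a missing .sig file.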