|Caldera Volution Manager Installation Guide|
Security level selection for Caldera Volution Manager takes place during the installation and configuration of the Volution Manager Server (VM Server). There are two options for security: minimal and normal. Minimal security is suitable for most installation where users are trusted, trackable, and usually not hostile. Normal security is suitable for installations where users are not trackable or not trusted such as in a public library.
Volution Manager uses a simplified public key infrastructure (PKI) which is based on the confidentiality of the Volution Manager Authority key. The Volution Manager Authority key is generated (or supplied by the administrator) as part of the VM Server installation. The Volution Manager Authority key is Data Encryption Standard 3 (DES3) encoded using a password supplied by the administrator. The installation provides the option to save the Volution Authority key on a floppy.
Important: It is imperative that the integrity of the Volution Authority Key is maintained. For information on what to do if you lose your
The key is used to generate a self-signed Certificate Authority (CA) certificate that is distributed to all VM Clients and is also used to issue VM Server keys and certificates to the VM Server.
The Volution CA certificate is distributed to the VM Clients. The CA certificate is then used by the VM Clients to verify the VM Server certificate which must be signed by the Volution Authority Key. The Volution Manager CA certificate is distributed using one of the following methods:
Select normal security. You can verify the fingerprint by using the -c switch on the./install.sh installation script or by running the Volution Manager Key Tool. Both methods allow you to cross check the fingerprint on a downloaded Volution Manager CA certificate to make sure it matches the CA certificate on the VM Server before accepting it. For information on using./install.sh -c see:
The Volution Manager Key Tool is a command line key and certificate configuration tool that allows you to view, import, and configure keys and certificates installed on your system. It provides an extra measure of security. It must be run after the VM Client is manually installed but before it is started. For information on running the Volution Manager Key Tool on each platform, see:
Allow the VM Client to automatically download the CA certificate.
The CA certificate is downloaded to the VM Client by default. If you select normal security and you want to run the Volution Manager Key Tool you can manually verify the CA certificate fingerprint before starting the VM Client.
Automatic download of certificates is facilitated by a mini CA server that is built into the computer creation daemon, volutionccd. The mini CA server registers its existence via SLP and sends the Volution Manager CA certificate (via TCP stream) to VM Clients that request it. VM Clients only accept an automatically downloaded certificate if it is the only certificate available. In other words, if more than one mini CA server exists and more than one CA certificate is available for automatic download, the VM Client won't accept any CA certificates.
Volution Manager provides configuration tools that facilitate basic key generation and distribution.
The majority of Volution Manager security configuration functionality is encapsulated by a small shared library. The main function of this library is to abstract the storage and retrieval of the Volution Manager private key and the Volution Manager certificate. The library also supplies calls to generate private keys and certificates, use installed Volution keys to sign various forms of data, generate Volution certificate fingerprints, and supply miscellaneous Volution specific key and certificate information.
Volution Manager uses the server-side computer creation daemon (volutionccd) to automate the process of creating computer objects. When a VM Client starts for the first time, it performs the following operations that interact with volutionccd.
Checks for a Volution Manager CA certificate. If a Volution Manager CA certificate does not exist, the VM Client automatically downloads it.
Locates the server-side computer creation daemon using SLP.
Establishes an SSL connection (using the Volution Manager CA certificate to verify the "ServerHello" certificate.
Sends information about the client to volutionccd.
Receives and stores the LDAP object distinguished name (DN) for the computer object. For more information on LDAP object naming, see Section 22.214.171.124.
The computer authenticates to the LDAP directory using the DN and password.
Enter the VM Client into a ready state.
On subsequent initialization, the VM Client performs the following operations:
Connects via SSL using the certificate currently installed to verify the SSL "ServerHello" certificate.
Authenticates to the LDAP directory using the computer object's DN and password.
If authentication fails, the VM Client contacts the computer creation daemon (volutionccd). The volutionccd attempts to locate the moved object. If it can't be found, a new object is created and this information is passed back to the VM Client. The VM Client then authenticates to LDAP.
Enters the VM Client into a ready state.
The Software Repository Daemon (referred to as the SRD, the actual daemon name is volutionsrd) monitors the SRD Source Directory for new software packages to process. When you copy software packages to the SRD Source Directory, the SRD verifies the software for authenticity and integrity. The SRD calculates an MD5 hash for each software package, signs this hash with the Volution Manager private key, and moves it along with the software package using an identifiable name (for example, myrpm.rpm.sig) to a HTTP or FTP reachable destination.
The next time the SRD is scheduled to check the Source Directory, volutionsrd finds the new packages and copies them to the Destination Directory, which makes them available via the HTTP (default) or FTP server. The SRD then generates a signature security file for that package and creates a package object in the Software Repository.
The VM Client uses the Volution Manager certificate (already delivered during the computer creation process) to verify the signature before installing a package.