libnaw (the Network Authentication Wrapper Library) is, in essence, a global, uniform authentication method. It can be used as a preloadable library, enforcing desired authentication mechanisms in software that may not support sufficient authentication of its own (a lot of commercial software fits this profile, for example); it can also be accessed via a simple API and linked into your own software. Since libnaw is preloadable, it can be dropped in place as-is, without modification to the program binary.
When a connect() or an accept() call is made, libnaw intercepts the call and matches the connection against a ruleset that it keeps in a cdb (constant database). If it finds a matching entry, it acts on the connection based on the properties of that entry. libnaw can act as a tcp_wrappers replacement for standalone daemons and, more importantly, it supports loadable modules for any form of authentication that an administrator or user desires. Module use is optimized, and modules may communicate with each other through a built-in data hash. More about this later.
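The interception described above, sketched as an added example (this is not libnaw's code): a preloadable connect() that checks the destination against a ruleset before passing the call on. The static table stands in for the cdb, and the names rule, rule_verdict and real_connect are hypothetical; it handles IPv4 only and implements only a "deny" action.

```c
#define _GNU_SOURCE                      /* exposes RTLD_NEXT in <dlfcn.h> */
#include <dlfcn.h>
#include <errno.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdint.h>
#include <sys/socket.h>

#ifndef RTLD_NEXT                        /* glibc's value, if the define came too late */
#define RTLD_NEXT ((void *)-1L)
#endif

enum verdict { NO_MATCH, ALLOW, DENY };

/* Constructed sample rules; libnaw itself reads its ruleset from a cdb. */
struct rule { uint32_t net; int prefix; uint16_t port; enum verdict action; };
static const struct rule rules[] = {
    { 0xC000020A, 32, 0,  ALLOW },       /* 192.0.2.10, any port  */
    { 0xC0000200, 24, 22, DENY  },       /* 192.0.2.0/24, port 22 */
};

/* First matching rule wins. ip and port are host byte order; rule port 0 = any. */
enum verdict rule_verdict(uint32_t ip, uint16_t port)
{
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        const struct rule *r = &rules[i];
        uint32_t mask = r->prefix ? ~(uint32_t)0 << (32 - r->prefix) : 0;
        if ((ip & mask) == (r->net & mask) && (r->port == 0 || r->port == port))
            return r->action;
    }
    return NO_MATCH;
}

/* Same name and signature as libc's connect(), so a preloaded copy is bound first. */
int connect(int fd, const struct sockaddr *sa, socklen_t len)
{
    static int (*real_connect)(int, const struct sockaddr *, socklen_t);
    if (sa && sa->sa_family == AF_INET && len >= sizeof(struct sockaddr_in)) {
        const struct sockaddr_in *in = (const struct sockaddr_in *)sa;
        if (rule_verdict(ntohl(in->sin_addr.s_addr), ntohs(in->sin_port)) == DENY) {
            errno = ECONNREFUSED;        /* refuse without touching the network */
            return -1;
        }
    }
    if (!real_connect)                   /* find the next connect() in link order */
        real_connect = (int (*)(int, const struct sockaddr *, socklen_t))
                       dlsym(RTLD_NEXT, "connect");
    if (!real_connect) { errno = ENOSYS; return -1; }
    return real_connect(fd, sa, len);    /* no matching deny rule: pass through */
}
```

Built as a shared object (cc -shared -fPIC, with -ldl on older glibc) and named in LD_PRELOAD, a wrapper like this applies to an unmodified dynamically linked binary. Statically linked programs and code that issues the system call directly bypass it.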
The current stage is an early one, but all major library functionality is present. It may not yet work with some software, and it isn't yet thread safe. Some functionality needs streamlining. Modules need to be written. So test away. Write away. Try it out with your own software and form an opinion of your own. Submit bug reports and suggestions to the mailing list.
CURRENT BUNDLED MODULES:
  true        always succeeds (unless something goes wrong with the data hash)
  false       always fails
  x509        performs X.509 certificate-based authentication
  log-syslog  syslog-based logging for naw
Where to go from here:
  ./INSTALL  installation instructions
  ./CONFIG   configuration instructions
  ./DOC/     directory full of implementation notes
  ./cfg/     directory with configuration examples and scripts
author: ari edelkind
mailing list: libnaw-subscribe@list.episec.com
about libnaw: http://www.episec.com/people/edelkind/libnaw.html
